CVE-2018-25237
Hirschmann · HiSecOS
A buffer overflow in the Hirschmann HiSecOS HTTPS login interface, occurring when RADIUS is enabled, allows remote attackers to crash the device or execute arbitrary code.
Executive summary
Hirschmann HiSecOS devices are vulnerable to a critical buffer overflow that allows remote attackers to achieve code execution or cause a permanent denial of service.
Vulnerability
When RADIUS authentication is active, the HTTPS login interface fails to perform bounds checking on password inputs. Submitting a password exceeding 128 characters triggers a buffer overflow.
Business impact
An attacker can exploit this to gain remote code execution or render the security device inoperable (Denial of Service). Given the CVSS score of 9.8, this represents a critical threat to the availability and integrity of the network security perimeter.
Remediation
Immediate Action: Update HiSecOS firmware to version 05.3.03 or later. If updating is not immediately possible, consider temporarily disabling RADIUS authentication if an alternative exists.
Proactive Monitoring: Monitor system logs for device crashes or repeated failed login attempts involving unusually long character strings.
Compensating Controls: Use a Web Application Firewall or specialized IPS signatures to drop HTTPS POST requests to the login page that contain excessively long password fields.
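A minimal version of the compensating control above, added here as an illustration and not code from Hirschmann or the advisory: it inspects a raw HTTPS login POST (after TLS termination) and flags a password field longer than the 128-character limit the advisory gives. The login path `/login` and the field name `password` are assumptions; the sample requests are constructed for the test.

```python
from urllib.parse import unquote_plus

# Assumed, not taken from the advisory: the login form field name and path.
PASSWORD_FIELD = "password"
LOGIN_PATH = "/login"
# From the advisory: passwords longer than 128 characters trigger the overflow.
MAX_PASSWORD_LEN = 128


def parse_http_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers, body


def password_lengths(body: str, name: str):
    """Yield (raw_len, decoded_len) for every occurrence of the form field."""
    for pair in body.split("&"):
        key, _, raw_value = pair.partition("=")
        if unquote_plus(key) == name:
            yield len(raw_value), len(unquote_plus(raw_value))


def oversized_password(raw: str, max_len: int = MAX_PASSWORD_LEN):
    """Return the offending length if `raw` is a form POST to the login path whose
    password exceeds max_len, else None. Both the URL-encoded and the decoded
    length are checked, since which one the device copies is not documented."""
    method, path, headers, body = parse_http_request(raw)
    if method != "POST" or path != LOGIN_PATH:
        return None
    if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
        return None
    longest = max((n for pair in password_lengths(body, PASSWORD_FIELD) for n in pair), default=0)
    return longest if longest > max_len else None


def build_login_post(password: str) -> str:
    """Constructed sample request for testing; not a capture from a device."""
    body = f"user=admin&{PASSWORD_FIELD}={password}"
    return (f"POST {LOGIN_PATH} HTTP/1.1\r\nHost: hisecos.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


if __name__ == "__main__":
    for pw in ("secret", "A" * 128, "A" * 129, "%41" * 50):
        print(repr(pw[:12]), oversized_password(build_login_post(pw)))
```

A request that returns a non-None length is the one to drop at the WAF or IPS and to log as a failed login with an unusually long credential.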
Exploitation status
Public Exploit Available: false
Analyst recommendation
Buffer overflows in authentication interfaces are highly dangerous. Administrators must prioritize the firmware update to version 05.3.03 to ensure the stability and security of their HiSecOS deployments.