A critical authentication bypass in Hirschmann HiEOS industrial switches allows unauthenticated remote attackers to gain full administrative control, potentially disrupting industrial control systems.

The HTTP(S) management module fails to properly validate authentication for specially crafted requests. This allows an unauthenticated remote attacker to bypass login requirements, gain administrative privileges, and perform high-impact actions like firmware modification or configuration tampering.

In an Industrial Control System (ICS) environment, unauthorized access to networking hardware can lead to the disruption of critical processes or physical damage. The CVSS score of 9.8 reflects the extreme risk, as attackers could modify network traffic or create persistent backdoors via malicious firmware updates.

Immediate Action: Update Hirschmann HiEOS devices to version 01.1.00 or later immediately to resolve the authentication handling logic error.

Proactive Monitoring: Monitor network traffic for unusual HTTP(S) management traffic directed at industrial switches and review device logs for unauthorized configuration changes or firmware update events.

Compensating Controls: Disable the web-based management interface if not required, or isolate the management network from the public internet and general corporate LAN using a strict firewall policy.

Public Exploit Available: No

This vulnerability is particularly dangerous due to its location in industrial networking equipment. Administrators should prioritize patching these devices during the next available maintenance window or immediately if the devices are reachable from untrusted networks to prevent operational technology (OT) disruptions.