{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2017-20233", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-03T17:40:03.508Z", "datePublished": "2026-04-03T22:47:07.496Z", "dateUpdated": "2026-04-06T16:50:39.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:47:07.496Z"}, "title": "Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass", "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall."}], "datePublic": "2017-05-08T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper access control", "type": "CWE"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.10.5126-REL"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.12.5500-REL"}, {"status": "unaffected", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Belden", "product": "Hirschmann HiLCOS BAT867", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.14.5500-REL"}, {"status": "affected", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "references": [{"url": "https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass", "tags": ["third-party-advisory"]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T16:50:22.722467Z", "id": "CVE-2017-20233", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:50:39.698Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-20233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T16:50:22.722467Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:50:29.107Z"}}], "cna": {"title": "Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traffic Bypass", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.10.5126-REL"}, {"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.12.5500-REL"}, {"status": "unaffected", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Belden", "product": "Hirschmann HiLCOS BAT867", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "9.14.5500-REL"}, {"status": "affected", "version": "0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2017-05-08T00:00:00.000Z", "references": [{"url": "https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper access control"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:47:07.496Z"}}}, "cveMetadata": {"cveId": "CVE-2017-20233", "state": "PUBLISHED", "dateUpdated": "2026-04-06T16:50:39.698Z", "dateReserved": "2026-04-03T17:40:03.508Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-03T22:47:07.496Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall."}], "id": "CVE-2017-20233", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-03T23:16:59.763", "references": [{"source": "disclosure@vulncheck.com", "url": "https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.10.5126-REL]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.12.5500-REL]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "0"}}], "original": {"product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hilcos_bat450", "vendor": "belden"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.14.5500-REL]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "hirschmann_hilcos_bat867", "vendor": "belden"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.10.5126-REL]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.12.5500-REL]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hilcos_openbat", "vendor": "belden"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.10.5126-REL]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.12.5500-REL]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "0"}}], "original": {"product": "Hirschmann HiLCOS OpenBAT, BAT450, WLC", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hilcos_wlc", "vendor": "belden"}], "analysis": {"en": {"generated_at": "2026-04-04T01:21:27.842403+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware patch released by Hirschmann for the affected HiLCOS devices", "Ensure that management IP address filtering is enabled or disable multicast/broadcast traffic filtering if it is not required", "Verify that firewall filtering rules are correctly enforced for multicast and broadcast traffic", "Monitor network traffic for suspicious multicast or broadcast packets that should normally be blocked"], "summary": {"action": "Patch immediately", "impact": "Firewall filtering bypass for multicast/broadcast traffic"}, "threat_synthesis": {"affected_systems": "Affected products include Hirschmann HiLCOS BAT867, OpenBAT, BAT450 and Wireless LAN Controller (WLC); the affected firmware or software versions are not specified in the public report.", "description_and_impact": "The vulnerability in Hirschmann HiLCOS products allows a firewall to fail when filtering IPv4 multicast and broadcast traffic if management IP address filtering is disabled, enabling attackers to inject or observe multicast/broadcast packets that should be blocked by configured rules, thereby bypassing intended traffic restrictions. This weakness is categorized as a lack of proper authorization control (CWE-284).", "risk_and_exploitability": "The CVSS score of 5.9 indicates moderate severity, and although no EPSS score is available and it is not listed in the CISA KEV catalog, the attack remains feasible for adversaries with network access. The likely attack vector is by sending malicious multicast or broadcast frames through the network when management IP address filtering is turned off, leveraging the firewall\u2019s bypass to gain non\u2011authorized network traffic visibility or injection."}}}}, "created": "2026-04-06T21:21:59.224222+00:00", "updated": "2026-04-06T22:21:37.378673+00:00", "vendors": ["belden", "belden$PRODUCT$hirschmann_hilcos_bat450", "belden$PRODUCT$hirschmann_hilcos_bat867", "belden$PRODUCT$hirschmann_hilcos_openbat", "belden$PRODUCT$hirschmann_hilcos_wlc"]}