{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-4477", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-03T16:46:37.018Z", "datePublished": "2026-04-03T22:37:45.879Z", "dateUpdated": "2026-04-06T13:17:07.744Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:37:45.879Z"}, "title": "Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass", "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement."}], "datePublic": "2021-01-11T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper access control", "type": "CWE"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiLCOS OpenBAT", "versions": [{"status": "affected", "version": "3.80-REL", "versionType": "custom"}, {"status": "affected", "version": "8.90-REL", "versionType": "custom"}, {"status": "affected", "version": "9.00-REL", "versionType": "custom"}, {"status": "affected", "version": "9.00-RU1", "versionType": "custom"}, {"status": "affected", "version": "9.10-REL", "versionType": "custom"}, {"status": "affected", "version": "9.12-REL", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU1", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU2", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU3", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU4", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU5", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU6", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU7", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU8", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU9", "versionType": "custom"}, {"status": "affected", "version": "9.13-REL", "versionType": "custom"}, {"status": "affected", "version": "9.13-RU1", "versionType": "custom"}, {"status": "affected", "version": "10.12-REL", "versionType": "custom"}, {"status": "affected", "version": "10.12-RU1", "versionType": "custom"}, {"status": "unaffected", "version": "10.12-RU2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "references": [{"url": "https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T13:16:56.315497Z", "id": "CVE-2021-4477", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:17:07.744Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T13:16:56.315497Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:17:02.444Z"}}], "cna": {"title": "Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Belden", "product": "Hirschmann HiLCOS OpenBAT", "versions": [{"status": "affected", "version": "3.80-REL", "versionType": "custom"}, {"status": "affected", "version": "8.90-REL", "versionType": "custom"}, {"status": "affected", "version": "9.00-REL", "versionType": "custom"}, {"status": "affected", "version": "9.00-RU1", "versionType": "custom"}, {"status": "affected", "version": "9.10-REL", "versionType": "custom"}, {"status": "affected", "version": "9.12-REL", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU1", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU2", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU3", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU4", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU5", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU6", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU7", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU8", "versionType": "custom"}, {"status": "affected", "version": "9.12-RU9", "versionType": "custom"}, {"status": "affected", "version": "9.13-REL", "versionType": "custom"}, {"status": "affected", "version": "9.13-RU1", "versionType": "custom"}, {"status": "affected", "version": "10.12-REL", "versionType": "custom"}, {"status": "affected", "version": "10.12-RU1", "versionType": "custom"}, {"status": "unaffected", "version": "10.12-RU2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2021-01-11T00:00:00.000Z", "references": [{"url": "https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass"}], "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper access control"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-03T22:37:45.879Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4477", "state": "PUBLISHED", "dateUpdated": "2026-04-06T13:17:07.744Z", "dateReserved": "2026-04-03T16:46:37.018Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-03T22:37:45.879Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement."}], "id": "CVE-2021-4477", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:01.043", "references": [{"source": "disclosure@vulncheck.com", "url": "https://assets.belden.com/m/5fd1a50fa50cb252/original/Belden-Security-Bulletin-BSECV-1v0-2019-09.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-openbat-bat450-ipv6-ipsec-firewall-bypass"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.80-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.90-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.00-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.00-RU1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.10-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.12-RU9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.13-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.13-RU1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.12-REL"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.12-RU1"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "10.12-RU2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Hirschmann HiLCOS OpenBAT", "source": "cna", "vendor": "Belden"}, "product": "hirschmann_hilcos_openbat", "vendor": "belden"}], "analysis": {"en": {"generated_at": "2026-04-04T01:22:41.660654+00:00", "value": {"mitigation_remediation": ["Check Belden/Hirschmann product documentation and apply the latest firmware update that patches the IPv6 IPsec firewall bypass. If an update is not yet released, disable or remove IPv6 IPsec support on the device until a fix is available. Consider enforcing additional filtering rules to reject VPN traffic that originates from external sources. Monitor device logs for unusual IPsec negotiations or traffic that appears to bypass the firewall."], "summary": {"action": "Immediate Patch", "impact": "Bypasses firewall rules for IPv6 IPsec VPN traffic"}, "threat_synthesis": {"affected_systems": "Devices from Hirschmann under the HiLCOS OpenBAT line, including the BAT450 series. The vulnerability is present in all firmware versions of these models that still support IPv6 IPsec.", "description_and_impact": "Hirschmann HiLCOS OpenBAT and BAT450 devices have a flaw that lets attackers avoid firewall configurations when they set up IPv6 IPsec VPN connections. The CVE allows an adversary to create IKEv1 or IKEv2 sessions that carry traffic directly into the protected network, effectively bypassing any packet filtering rules. This can expose internal hosts to undetected intrusion or data exfiltration because the firewall no longer sees the packets as originating from a prohibited source.", "risk_and_exploitability": "With a CVSS score of 9.3 the issue is considered critical. Exploitation requires only the ability to negotiate an IPv6 IPsec connection, which is typically achievable with remote network access and legitimate VPN credentials. Attackers can manipulate the connection parameters, so the exploit does not need privileged local access. The vulnerability is not listed in the CISA KEV catalog, and no EPSS score is available, but the high severity indicates a strong potential for real-world attacks."}}}}, "created": "2026-04-06T21:22:04.650587+00:00", "updated": "2026-04-06T22:21:42.700663+00:00", "vendors": ["belden", "belden$PRODUCT$hirschmann_hilcos_openbat"]}