CVE-2024-14033— Hirschmann EagleSDV Denial of Service via TLS
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Belden | Hirschmann EagleSDV | 05.4.02 | unaffected |
< 05.4.01 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-14033
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hirschmann EagleSDV Denial of Service via TLS
Source: NVD (National Vulnerability Database)
Vulnerability Description
Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden Hirschmann EagleSDV 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden Hirschmann EagleSDV是美国Belden公司的一款工业网络安全防火墙设备。 Belden Hirschmann EagleSDV存在资源管理错误漏洞,该漏洞源于HiLCOS Web接口存在堆溢出,可能导致未经身份验证的远程攻击者触发拒绝服务条件。以下型号受到影响:BAT-R、BAT-F、BAT450-F、BAT867-R、BAT867-F、WLC和BAT Controller Virtual。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belden | Hirschmann EagleSDV | 0 ~ 05.4.01 | - |
II. Public POCs for CVE-2024-14033
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-14033
请登录查看更多情报信息。
Vendor Pages for CVE-2024-14033 (1)
Same Patch Batch · Belden · 2026-04-02 · 6 CVEs total
| CVE-2024-14034 | 9.8 CRITICAL | Hirschmann HiEOS Authentication Bypass via HTTP Management Module |
| CVE-2023-7342 | 8.8 HIGH | Belden HiSecOS Web Server Privilege Escalation |
| CVE-2025-15620 | 8.6 HIGH | HiOS Switch Platform Denial-of-Service via Web Interface |
| CVE-2023-7343 | 7.8 HIGH | Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File |
| CVE-2022-4986 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
IV. Related Vulnerabilities
Same vendor: Belden
- CVE-2017-20234
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardc - CVE-2017-20233
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traff - CVE-2018-25236
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Manag - CVE-2021-4477
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass - CVE-2017-20238
Hirschmann Industrial HiVision Improper Authorization Privil
Same weakness: CWE-400
- CVE-2026-41708
Spring Cloud Sleuth instrumentation of Spring TX DoS vulnera - CVE-2026-5079
multer vulnerable to Denial of Service via deeply nested fie - CVE-2026-50011
Netty has unbounded pre-allocation in RedisArrayAggregator f - CVE-2026-48043
netty-codec-http2: ByteBuf Reference-Count Leak in Delegatin - CVE-2026-47244
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enfo
V. Comments for CVE-2024-14033
No comments yet