{"cve":{"cve_id":"CVE-2017-20233","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00204,"epss_percentile":0.1031,"epss_as_of":"2026-06-23","description":"Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.","published_at":"2026-04-03T22:47:07.496000Z","last_modified_at":null,"cvss_v3_score":5.4,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":5.3,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-284"],"nvd_references":["https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf","https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:09:55.104345Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"belden","vendor_name":"Belden","product_slug":"hirschmann-hilcos-bat867","product_name":"Hirschmann HiLCOS BAT867","version_start":"0","version_start_inclusive":true,"version_end":"9.14.5500-REL","version_end_inclusive":true,"cpe23_uri":"cve5:belden:hirschmann-hilcos-bat867:0:9.14.5500-REL"},{"vendor_slug":"belden","vendor_name":"Belden","product_slug":"hirschmann-hilcos-bat867","product_name":"Hirschmann HiLCOS BAT867","version_start":"0","version_start_inclusive":true,"version_end":"0","version_end_inclusive":true,"cpe23_uri":"cve5:belden:hirschmann-hilcos-bat867:0:0"},{"vendor_slug":"belden","vendor_name":"Belden","product_slug":"hirschmann-hilcos-openbat-bat450-wlc","product_name":"Hirschmann HiLCOS OpenBAT, BAT450, WLC","version_start":"0","version_start_inclusive":true,"version_end":"9.10.5126-REL","version_end_inclusive":true,"cpe23_uri":"cve5:belden:hirschmann-hilcos-openbat-bat450-wlc:0:9.10.5126-REL"},{"vendor_slug":"belden","vendor_name":"Belden","product_slug":"hirschmann-hilcos-openbat-bat450-wlc","product_name":"Hirschmann HiLCOS OpenBAT, BAT450, WLC","version_start":"0","version_start_inclusive":true,"version_end":"9.12.5500-REL","version_end_inclusive":true,"cpe23_uri":"cve5:belden:hirschmann-hilcos-openbat-bat450-wlc:0:9.12.5500-REL"}],"exploit_refs":[],"news":[],"references":[{"url":"https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf","source_type":"MISC","tags":[]},{"url":"https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-04-03T22:47:07.496000Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:08.600596Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:08.600596Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:08.600596Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:08.600596Z","label":"CVSS score revised","source":"vulnrichment"}]}