CVE-2024-14033: CWE-400: Uncontrolled Resource Consumption in Belden Hirschmann EagleSDV
CVE-2024-14033 is a heap overflow vulnerability in the HiLCOS web interface of Belden Hirschmann EagleSDV industrial IT products. This flaw allows unauthenticated remote attackers to cause a denial-of-service (DoS) by sending specially crafted requests, leading to device crashes and service disruption. The issue is particularly impactful when the Public Spot functionality is enabled. The vulnerability has a high severity rating with a CVSS score of 7. 5. There is no information about available patches or vendor advisories addressing this issue. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
Belden Hirschmann EagleSDV products, including models BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, and BAT Controller Virtual, contain a heap overflow vulnerability in the HiLCOS web interface. This vulnerability (CVE-2024-14033) allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests. Exploitation results in crashing the affected device, causing service disruption, especially when the Public Spot feature is enabled. The CVSS 3.1 base score is 7.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (denial of service). No patch or official remediation guidance is currently documented.
Potential Impact
Successful exploitation causes a denial-of-service condition by crashing the device, disrupting network services provided by the affected Hirschmann EagleSDV products. The impact is availability loss without confidentiality or integrity compromise. This can affect industrial network operations relying on these devices, particularly if Public Spot functionality is active.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider disabling the Public Spot functionality if feasible to reduce exposure. Monitor for vendor updates and apply official patches or mitigations once released.
CVE-2024-14033: CWE-400: Uncontrolled Resource Consumption in Belden Hirschmann EagleSDV
Description
CVE-2024-14033 is a heap overflow vulnerability in the HiLCOS web interface of Belden Hirschmann EagleSDV industrial IT products. This flaw allows unauthenticated remote attackers to cause a denial-of-service (DoS) by sending specially crafted requests, leading to device crashes and service disruption. The issue is particularly impactful when the Public Spot functionality is enabled. The vulnerability has a high severity rating with a CVSS score of 7. 5. There is no information about available patches or vendor advisories addressing this issue. No known exploits are reported in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Belden Hirschmann EagleSDV products, including models BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, and BAT Controller Virtual, contain a heap overflow vulnerability in the HiLCOS web interface. This vulnerability (CVE-2024-14033) allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests. Exploitation results in crashing the affected device, causing service disruption, especially when the Public Spot feature is enabled. The CVSS 3.1 base score is 7.5, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (denial of service). No patch or official remediation guidance is currently documented.
Potential Impact
Successful exploitation causes a denial-of-service condition by crashing the device, disrupting network services provided by the affected Hirschmann EagleSDV products. The impact is availability loss without confidentiality or integrity compromise. This can affect industrial network operations relying on these devices, particularly if Public Spot functionality is active.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider disabling the Public Spot functionality if feasible to reduce exposure. Monitor for vendor updates and apply official patches or mitigations once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-01T21:08:43.378Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceed4ae6bfc5ba1d039aaa
Added to database: 4/2/2026, 10:27:22 PM
Last enriched: 5/20/2026, 7:00:38 PM
Last updated: 5/20/2026, 9:36:55 PM
Views: 66
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.