Hirschmann HiLCOS OpenBAT and BAT450 products contain a... · CVE-2021-4477 · GitHub Advisory Database · GitHub

Hirschmann HiLCOS OpenBAT and BAT450 products contain a...

Critical severity Unreviewed Published Apr 4, 2026 to the GitHub Advisory Database • Updated Apr 4, 2026

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or IKEv2) while simultaneously using an IPv6 Internet connection to circumvent firewall policy enforcement.

References

Published by the National Vulnerability Database

Apr 3, 2026

Published to the GitHub Advisory Database Apr 4, 2026

Last updated Apr 4, 2026

Severity

Critical

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

⚡