Firewall Bypass Vulnerability in Hirschmann HiLCOS OpenBAT and BAT450 Products
CVE-2021-4477
What is CVE-2021-4477?
Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability that affects IPv6 IPsec deployments. An attacker who establishes an IPv6 IPsec connection (using either IKEv1 or IKEv2) while an IPv6 Internet connection is in use circumvents the configured firewall rules. As a result, malicious traffic from VPN connections can reach the network without firewall policies being enforced, exposing systems to potential attacks.

Affected Version(s)
Hirschmann HiLCOS OpenBAT 3.80-REL
Hirschmann HiLCOS OpenBAT 8.90-REL
Hirschmann HiLCOS OpenBAT 9.00-REL
