CVE-2016-15058

April 3, 2026, 10:16 p.m.

8.6
High

Description

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.

Product(s) Impacted

Vendor Product Versions
Hirschmann
  • Hilcos
  • Hilcos Classic L2e
  • Hilcos Classic L2p
  • Hilcos Classic L3e
  • Hilcos Classic L3p
  • Hilcos Classic L2b
  • *
  • *
  • *
  • *
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-257
Storing Passwords in a Recoverable Format
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
h hirschmann hilcos / / / / / / / /
a hirschmann hilcos_classic_l2e / <09.0.06 / / / / / /
a hirschmann hilcos_classic_l2p / <09.0.06 / / / / / /
a hirschmann hilcos_classic_l3e / <09.0.06 / / / / / /
a hirschmann hilcos_classic_l3p / <09.0.06 / / / / / /
a hirschmann hilcos_classic_l2b / <05.3.07 / / / / / /

References

https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf
https://www.kb.cert.org/vuls/id/507216
https://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp

Tags

CWE-257
[email protected]
2026-04-03
CVE-2016-15058

CVSS Score

8.6 / 10

CVSS Data - 4.0

  • Attack Vector: ADJACENT
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: April 3, 2026, 10:16 p.m.
Last Modified: April 3, 2026, 10:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.