CVE-2016-15058
Credential Exposure in Hirschmann HiLCOS Switches via SNMP Traffic
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hilcos_classic_platform | to 09.0.06 (exc) |
| hirschmann | hilcos_classic_platform | to 05.3.07 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Hirschmann HiLCOS Classic Platform switches (Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07). It involves credential exposure where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when this feature is enabled.
Attackers who have local network access can sniff SNMP traffic or extract configuration data to recover these plaintext credentials, which can then be used to gain unauthorized administrative access to the switches.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized administrative access to affected Hirschmann switches. This means an attacker with local network access could intercept plaintext passwords and use them to control the switches, potentially disrupting network operations or accessing sensitive network configurations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the exposure of user passwords in plaintext over SNMPv1/v2, which can lead to unauthorized administrative access to network switches.
Such exposure of sensitive credentials could potentially violate security requirements in common standards and regulations like GDPR and HIPAA, which mandate protection of sensitive data and secure access controls.
However, the provided information does not explicitly state the impact on compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring SNMP traffic on the local network for plaintext transmission of user passwords synchronized with SNMPv1/v2 community strings.
Commands to detect this may include using network packet capture tools such as tcpdump or Wireshark to sniff SNMP traffic and inspect community strings and payloads for plaintext credentials.
- tcpdump -i <interface> port 161 -w snmp_traffic.pcap
- wireshark snmp_traffic.pcap (to analyze captured SNMP packets for plaintext passwords)
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the feature that synchronizes user passwords with SNMPv1/v2 community strings to prevent plaintext transmission.
Additionally, restrict SNMP access to trusted hosts only and consider upgrading the Hirschmann HiLCOS Classic Platform switches to versions 09.0.06 or later for Classic L2E, L2P, L3E, L3P, and 05.3.07 or later for Classic L2B.