CVE-2016-15058 HIGH

CVE-2016-15058: Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

Vendor Belden
Product Hirschmann HiLCOS Classic Platform
Weakness CWE-257
Published April 3, 2026
Last update May 14, 2026

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
May 14, 2026 Record updated