CVE-2016-15058
Essential information
- Published
- 03/04/2026 22:16
- Modified
- 03/04/2026 22:16
- Author
- —
- Creator
- —
- CVSS
- 8.6 HIGH (v3) 8.6 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- ADJACENT
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- HIGH
- Confidentiality (S)
- NONE
- Integrity (V)
- HIGH
- Integrity (S)
- NONE
- Availability (V)
- NONE
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| hirschmann / hilcos | cpe:2.3:h:hirschmann:hilcos:*:*:*:*:*:*:*:* |
| hirschmann / hilcos classic l2e | cpe:2.3:a:hirschmann:hilcos_classic_l2e:*:<09.0.06:*:*:*:*:*:* |
| hirschmann / hilcos classic l2p | cpe:2.3:a:hirschmann:hilcos_classic_l2p:*:<09.0.06:*:*:*:*:*:* |
| hirschmann / hilcos classic l3e | cpe:2.3:a:hirschmann:hilcos_classic_l3e:*:<09.0.06:*:*:*:*:*:* |
| hirschmann / hilcos classic l3p | cpe:2.3:a:hirschmann:hilcos_classic_l3p:*:<09.0.06:*:*:*:*:*:* |
| hirschmann / hilcos classic l2b | cpe:2.3:a:hirschmann:hilcos_classic_l2b:*:<05.3.07:*:*:*:*:*:* |