Description
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Published: 2026-04-03
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Hard-coded SSH and SSL private keys that are identical across all affected Hirschmann HiLCOS devices, and that the operator cannot replace, violate basic key management practice (CWE-321, Use of Hard-coded Cryptographic Key). Because every device ships with the same key pair, anyone who obtains the private key from any one unit holds the key for all of them. An unauthenticated attacker who can observe or redirect management traffic to a device can then decrypt it (where the key exchange offers no forward secrecy) or actively intercept it, and can impersonate the device to an administrator, since the key presented is the genuine one. This enables man-in-the-middle attacks, device impersonation, and exposure of sensitive configuration data, compromising the confidentiality and integrity of the management channel. Host-key pinning and certificate pinning do not mitigate this weakness, because the attacker presents the legitimate key.

Affected Systems

Devices affected by this weakness are Belden Hirschmann HiLCOS OpenBAT, WLC, BAT300, and BAT54 models running firmware versions earlier than 8.80. Additionally, OpenBAT devices with firmware below 9.10 are vulnerable. These models are commonly used in industrial and enterprise control environments, which increases the potential impact if compromised.

Risk and Exploitability

The CVSS base score of 8.8 (CVSS 4.0; the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N scores 8.2) indicates a high-severity vulnerability. The EPSS score of 6 × 10⁻⁵ (0.006 %) reflects a very low observed probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is the network, with no authentication or user interaction required; the attacker does, however, need a position from which to observe or redirect management traffic. Given that position, the fixed keys can be exploited immediately and with little effort, so the practical risk on a flat or reachable management network is high.

Generated by OpenCVE AI on May 12, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to version 8.80 or later for OpenBAT, WLC, BAT300 and BAT54, and to version 9.10 or later for OpenBAT, the versions the description gives as the boundary of the affected range.
  • Isolate the device from untrusted networks and enforce network segmentation or firewall rules that block unsolicited SSH/SSL management connections.
  • Continuously monitor for anomalous SSH or SSL traffic, verify that only authorized management sessions occur after remediation, and confirm after the update that each device presents a host key and TLS certificate that no other device in the fleet shares.
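One concrete way to perform that last check across a fleet is to collect every device's SSH host key and group hosts by key fingerprint; any fingerprint that appears on more than one host is a shared key. The script below is an added example, not part of the OpenCVE page or any Belden/Hirschmann tooling. It parses the line format that `ssh-keyscan host1 host2 ...` prints ("host keytype base64-blob"), computes the SHA-256 fingerprint in OpenSSH's display form, and reports groups of hosts that present the same key. The hosts, addresses and key material in the sample are constructed for illustration and are not real device keys.

```python
"""Audit a fleet for shared SSH host keys (added example, constructed input)."""
import base64
import hashlib
import struct
from collections import defaultdict


def openssh_fingerprint(b64_blob: str) -> str:
    """SHA-256 fingerprint in OpenSSH's display form: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str) -> list:
    """Parse ssh-keyscan output into (host, keytype, blob) tuples.

    ssh-keyscan writes banner lines such as '# host:22 SSH-2.0-...' to stderr;
    they are skipped here in case stderr was merged into the capture.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; tolerate rather than abort the audit
        rows.append((parts[0], parts[1], parts[2]))
    return rows


def shared_keys(rows) -> dict:
    """Group hosts by (keytype, fingerprint); keep only keys seen on more than one host."""
    by_fp = defaultdict(set)
    for host, keytype, blob in rows:
        by_fp[(keytype, openssh_fingerprint(blob))].add(host)
    return {k: sorted(v) for k, v in by_fp.items() if len(v) > 1}


# --- constructed sample input (not real device keys) ---
def _ed25519_blob(seed: int) -> str:
    """Build a syntactically valid ssh-ed25519 wire blob around a constructed 32-byte value."""
    ktype = b"ssh-ed25519"
    pub = hashlib.sha256(seed.to_bytes(4, "big")).digest()  # 32 bytes, stands in for a key
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(blob).decode()


SAMPLE_KEYSCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-constructed-banner",
    "192.0.2.10 ssh-ed25519 " + _ed25519_blob(1),
    "192.0.2.11 ssh-ed25519 " + _ed25519_blob(1),   # same key as .10
    "192.0.2.12 ssh-ed25519 " + _ed25519_blob(1),   # same key again
    "192.0.2.20 ssh-ed25519 " + _ed25519_blob(2),   # unique key
])


def audit(text: str = SAMPLE_KEYSCAN) -> dict:
    """Return {(keytype, fingerprint): [hosts]} for every key shared by 2+ hosts."""
    return shared_keys(parse_keyscan(text))


if __name__ == "__main__":
    for (keytype, fp), hosts in audit().items():
        print(f"{keytype} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it real data with `ssh-keyscan -t ed25519,rsa,ecdsa <hosts> > keys.txt` and call `audit(open("keys.txt").read())`. The same comparison for the HTTPS management interface can be done per host with `openssl s_client -connect <host>:443 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256`, flagging any certificate fingerprint that repeats across devices. A clean result after the firmware update, with every device in its own group, is the evidence that the shared default keys are gone.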

Generated by OpenCVE AI on May 12, 2026 at 23:37 UTC.

Tracking


Advisories

No advisories yet.

History

Tue, 12 May 2026 21:30:00 +0000

Type: Metrics

Values Removed:
  cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Values Added:
  cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Belden; Belden hirschmann Hilcos

Type: Vendors & Products
Values Added: Belden; Belden hirschmann Hilcos

Mon, 06 Apr 2026 14:15:00 +0000

Type: Metrics

Values Added:
  ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 22:45:00 +0000

Type: Description
Values Added: Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.

Type: Title
Values Added: Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Type: Weaknesses
Values Added: CWE-321

Type: References

Type: Metrics
Values Added:
  cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}
  cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Belden Hirschmann Hilcos
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-12T20:46:12.770Z

Reserved: 2026-04-03T21:32:33.851Z

Link: CVE-2015-10148

Vulnrichment

Updated: 2026-04-06T13:11:18.314Z

NVD

Status : Awaiting Analysis

Published: 2026-04-03T22:16:24.207

Modified: 2026-04-07T13:20:55.200

Link: CVE-2015-10148

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses