Description
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
Published: 2026-04-03
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when user passwords are synchronized with SNMPv1/v2 community strings and sent over the network in clear text. An attacker who can monitor the local network or read configuration files can capture these strings, recover the plaintext credentials, and use them to gain unauthorized administrative access to the device. The weakness is classified as CWE-257 (Storing Passwords in a Recoverable Format): a legitimate credential is exposed by design, which undermines authentication controls.

Affected Systems

The flaw affects Belden Hirschmann HiLCOS Classic Platform switches, specifically Classic L2E, L2P, L3E, L3P releases before version 09.0.06 and Classic L2B releases before version 05.3.07. When the feature is enabled, these models use the configured user passwords as SNMPv1/v2 community string values.

Risk and Exploitability

The vulnerability has a CVSS base score of 8.6, indicating high severity, and it is not listed in the CISA KEV catalog. The EPSS score is below 1%, indicating a low likelihood of exploitation in the wild. Exploitation requires local network access: an attacker must be able to sniff SNMP traffic or extract the device configuration. With the recovered credentials, the attacker gains full administrative rights. Remote exploitation is unlikely, but on any compromised local network segment routine SNMP traffic is at significant risk.

Generated by OpenCVE AI on May 12, 2026 at 22:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to version 09.0.06 (or newer) for L2E/L2P/L3E/L3P or 05.3.07 (or newer) for L2B.
  • Disable the SNMPv1/v2 community string password synchronization feature if an upgrade is not immediately possible.
  • Restrict SNMP traffic to trusted management hosts and block SNMP on untrusted network segments.
  • Monitor SNMP logs for unusual authentication activity and conduct periodic network packet captures to verify that password strings are not transmitted in clear text.

Generated by OpenCVE AI on May 12, 2026 at 22:32 UTC.
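
The capture check in the last recommended action, as an added example (not OpenCVE's or the vendor's code): it classifies UDP/161 payloads by SNMP version and flags SNMPv1/v2c messages to or from the listed switches, reporting only a truncated SHA-256 fingerprint of the community string. The addresses, the community value and all function names are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length exceeds payload")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Classify one UDP/161 payload; reports a fingerprint, never the community."""
    tag, body, _ = read_tlv(payload, 0)
    vtag, ver, pos = read_tlv(body, 0)
    if tag != 0x30 or vtag != 0x02 or ver not in (b"\x00", b"\x01", b"\x03"):
        raise ValueError("not an SNMP v1/v2c/v3 message")
    if ver == b"\x03":  # SNMPv3 carries no community string
        return {"version": "v3", "cleartext": False}
    ctag, community, _ = read_tlv(body, pos)
    if ctag != 0x04:
        raise ValueError("no community field")
    return {"version": "v1" if ver == b"\x00" else "v2c", "cleartext": True,
            "fingerprint": hashlib.sha256(community).hexdigest()[:12]}

def audit(packets, switches):  # switches: set of switch management addresses
    findings = []
    for src, dst, payload in packets:
        try:
            info = classify(payload)
        except ValueError:
            continue  # not parseable as SNMP
        if info["cleartext"] and {src, dst} & switches:
            findings.append((src, dst, info["version"], info["fingerprint"]))
    return findings

# Constructed sample traffic: documentation addresses, made-up community value.
PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
def make_msg(ver, comm):  # short-form lengths only, enough for the samples
    body = bytes([2, 1, ver, 4, len(comm)]) + comm + PDU
    return bytes([0x30, len(body)]) + body
V3 = bytes.fromhex("3012020103300d020101020205dc040104020103")  # v3 header only
SAMPLE = [("192.0.2.10", "192.0.2.50", make_msg(1, b"Example-Pw1")),
          ("192.0.2.10", "192.0.2.50", V3), ("192.0.2.11", "192.0.2.50", make_msg(0, b"Example-Pw1")),
          ("192.0.2.10", "192.0.2.99", make_msg(1, b"Example-Pw1"))]
```

Identical fingerprints across findings mean the same community string is in use; any finding for an affected switch with synchronization enabled means a user password crossed the wire in clear text.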

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:30:00 +0000

Type: Metrics
Values Removed: cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
Values Added: cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Tue, 07 Apr 2026 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Belden
Values Added: Belden hirschmann Hilcos Classic Platform

Type: Vendors & Products
Values Added: Belden
Values Added: Belden hirschmann Hilcos Classic Platform

Fri, 03 Apr 2026 22:45:00 +0000

Type: Description
Values Added: Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.

Type: Title
Values Added: Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

Type: Weaknesses
Values Added: CWE-257

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
Values Added: cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-12T20:46:13.569Z

Reserved: 2026-04-03T21:50:15.953Z

Link: CVE-2016-15058

Vulnrichment

Updated: 2026-04-07T14:17:20.441Z

NVD

Status: Awaiting Analysis

Published: 2026-04-03T22:16:24.563

Modified: 2026-04-07T13:20:55.200

Link: CVE-2016-15058

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T22:45:15Z

Weaknesses