Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

Advisories

Hirschmann HiLCOS Classic Platform Password Exposure via SNMP

severity: high
date: 4/3/2026
Affecting: Hirschmann HiLCOS Classic Platform < 09.0.06 and 05.3.07
CVE: CVE-2016-15058
CWE: CWE-257: Storing Passwords in a Recoverable Format
CVSS: 8.6
CVSS V4 Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
References: Belden Security Advisory
VU#507216
Description: Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo