LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2016-15058

CVE-2016-15058 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: April 3, 2026

Hirschmann HiLCOS Classic Platform - Credential Exposure

Published: April 3, 2026Updated: April 3, 2026

Overview

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P < 09.0.06 and Classic L2B < 05.3.07 contain a credential exposure vulnerability caused by synchronization of user passwords with SNMPv1/v2 community strings transmitted in plaintext, letting attackers with local network access recover plaintext credentials and gain unauthorized administrative access, exploit requires SNMP feature enabled.

Severity & Score

Severity: High
CVSS Score: 8.1

Impact

Attackers with local network access can recover plaintext credentials and gain unauthorized administrative access to switches.

Mitigation

Update to Classic L2E, L2P, L3E, L3P version 09.0.06 or later and Classic L2B version 05.3.07 or later.

References

Related Resources

Details

CVE ID
CVE-2016-15058
Severity
High
CVSS Score
8.1
Type
broken_access_control
Status
new

CWE

  • CWE-257

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N