CVE-2015-10148
Published: 03 April 2026
Summary
CVE-2015-10148 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability affecting Belden products (vendor inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).
Deeper analysis
CVE-2015-10148 affects Hirschmann HiLCOS devices, specifically OpenBAT, WLC, BAT300, and BAT54 versions prior to 8.80, as well as OpenBAT prior to 9.10. These industrial networking devices ship with identical default SSH and SSL cryptographic keys across multiple units, and these keys cannot be changed by users. This hard-coded credential flaw, classified under CWE-321, enables unauthenticated remote attackers to decrypt or intercept encrypted management communications, earning a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) due to high confidentiality impact with low integrity impact and no availability disruption.
Unauthenticated attackers on the network can exploit this vulnerability without privileges or user interaction. By leveraging the shared default keys, they can perform man-in-the-middle (MitM) attacks on SSH or SSL sessions, impersonate affected devices to other systems, and expose sensitive management information transmitted over these protocols.
The Belden security bulletin (BSECV-2015-12) and VulnCheck advisory provide details on this issue, recommending firmware upgrades to versions 8.80 or later for the affected HiLCOS devices and 9.10 or later for OpenBAT to replace the default keys with unique ones.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-9425
Vulnerability details
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Default shared SSH/SSL keys directly enable remote unauthenticated MitM decryption and interception of management sessions on public-facing industrial devices (T1190 initial access + T1557.002 ARP poisoning/MitM).
Mitigating Controls (NIST 800-53 r5)
Directly mandates secure establishment and management of cryptographic keys, preventing use of identical default SSH and SSL keys across devices.
Requires changing default authenticators such as SSH and SSL keys prior to first use, countering the hardcoded shared credentials.
Ensures timely remediation of flaws like hardcoded keys through firmware updates that generate unique keys per device.