
CVE-2015-10148

High · Public PoC

Published: 03 April 2026
Modified: 07 April 2026
CVSS Score v4: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0029 (20.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2015-10148 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability affecting Belden products (vendor inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).

Deeper analysis

CVE-2015-10148 affects Hirschmann HiLCOS devices, specifically OpenBAT, WLC, BAT300, and BAT54 versions prior to 8.80, as well as OpenBAT prior to 9.10. These industrial networking devices ship with identical default SSH and SSL cryptographic keys across multiple units, and these keys cannot be changed by users. This hard-coded credential flaw, classified under CWE-321, enables unauthenticated remote attackers to decrypt or intercept encrypted management communications, earning a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) due to high confidentiality impact with low integrity impact and no availability disruption.

Unauthenticated attackers on the network can exploit this vulnerability without privileges or user interaction. By leveraging the shared default keys, they can perform man-in-the-middle (MitM) attacks on SSH or SSL sessions, impersonate affected devices to other systems, and expose sensitive management information transmitted over these protocols.

The Belden security bulletin (BSECV-2015-12) and VulnCheck advisory provide details on this issue, recommending firmware upgrades to versions 8.80 or later for the affected HiLCOS devices and 9.10 or later for OpenBAT to replace the default keys with unique ones.

Vulnerability details

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

Why these techniques?

Default shared SSH/SSL keys directly enable remote unauthenticated MitM decryption and interception of management sessions on public-facing industrial devices (T1190 initial access + T1557.002 ARP poisoning/MitM).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32644 (shared CWE-321)
CVE-2026-22586 (shared CWE-321)
CVE-2026-26335 (shared CWE-321)
CVE-2025-11899 (shared CWE-321)
CVE-2025-15016 (shared CWE-321)
CVE-2025-62581 (shared CWE-321)
CVE-2025-57174 (shared CWE-321)
CVE-2025-30095 (shared CWE-321)
CVE-2025-30234 (shared CWE-321)
CVE-2026-24218 (shared CWE-321)

Affected Assets

Belden
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mandates secure establishment and management of cryptographic keys, preventing use of identical default SSH and SSL keys across devices.

Prevent: Requires changing default authenticators such as SSH and SSL keys prior to first use, countering the hardcoded shared credentials.

Prevent: Ensures timely remediation of flaws like hardcoded keys through firmware updates that generate unique keys per device.
