CVE-2015-10148
Published: 03 April 2026
Summary
CVE-2015-10148 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Belden (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates secure establishment and management of cryptographic keys, preventing use of identical default SSH and SSL keys across devices.
Requires changing default authenticators such as SSH and SSL keys prior to first use, countering the hardcoded shared credentials.
Ensures timely remediation of flaws like hardcoded keys through firmware updates that generate unique keys per device.
NVD Description
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers…
more
can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Deeper analysisAI
CVE-2015-10148 affects Hirschmann HiLCOS devices, specifically OpenBAT, WLC, BAT300, and BAT54 versions prior to 8.80, as well as OpenBAT prior to 9.10. These industrial networking devices ship with identical default SSH and SSL cryptographic keys across multiple units, and these keys cannot be changed by users. This hard-coded credential flaw, classified under CWE-321, enables unauthenticated remote attackers to decrypt or intercept encrypted management communications, earning a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) due to high confidentiality impact with low integrity impact and no availability disruption.
Unauthenticated attackers on the network can exploit this vulnerability without privileges or user interaction. By leveraging the shared default keys, they can perform man-in-the-middle (MitM) attacks on SSH or SSL sessions, impersonate affected devices to other systems, and expose sensitive management information transmitted over these protocols.
The Belden security bulletin (BSECV-2015-12) and VulnCheck advisory provide details on this issue, recommending firmware upgrades to versions 8.80 or later for the affected HiLCOS devices and 9.10 or later for OpenBAT to replace the default keys with unique ones.
Details
- CWE(s)