Cyber Resilience

CVE-2016-15058

HighPublic PoC

Published: 03 April 2026

Published
03 April 2026
Modified
07 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0021 11.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2016-15058 is a high-severity Storing Passwords in a Recoverable Format (CWE-257) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 11.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2016-15058 is a credential exposure vulnerability (CWE-257) affecting Hirschmann HiLCOS Classic Platform switches, including Classic L2E, L2P, L3E, and L3P versions prior to 09.0.06, as well as Classic L2B prior to 05.3.07. The flaw occurs when the password synchronization feature with SNMPv1/v2 community strings is enabled, causing user passwords to be transmitted in plaintext.

Attackers with adjacent network access can exploit this vulnerability without authentication or user interaction, requiring low attack complexity. By sniffing SNMP traffic or extracting configuration data, they can recover plaintext credentials, achieving high confidentiality and integrity impacts (no availability impact) for unauthorized administrative access to the switches, as reflected in its CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vendor and advisory sources, including the Belden security bulletin (https://assets.belden.com/m/1d8273c6205dc400/original/Security-Bulletin-Password-Sync-SNMP-v1-v2-BSECV-2016-12.pdf), CERT KB entry (https://www.kb.cert.org/vuls/id/507216), and Vulncheck advisory (https://www.vulncheck.com/advisories/hirschmann-hilcos-classic-platform-password-exposure-via-snmp), indicate mitigation through upgrading to Hirschmann HiLCOS Classic Platform versions 09.0.06 or later for L2E, L2P, L3E, and L3P models, and 05.3.07 or later for L2B, along with disabling the SNMPv1/v2 password sync feature where possible.

EU & UK References

Vulnerability details

Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the…

more

feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Direct plaintext credential transmission over SNMP enables network sniffing (T1040) to capture unsecured credentials (T1552) for subsequent account access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20128Shared CWE-257

Affected Assets

L3P
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely remediation of the password synchronization flaw through vendor firmware upgrades to fixed versions.

prevent

Prevents attackers from sniffing plaintext credentials in SNMPv1/v2 traffic by enforcing cryptographic protection for transmission confidentiality and integrity.

prevent

Mitigates credential exposure by prohibiting transmission of authenticators like synchronized passwords in plaintext without cryptographic protection.

References