
CVE-2016-15058: Hirschmann HiLCOS Information Disclosure

CVE-2016-15058 is an information disclosure vulnerability in Hirschmann HiLCOS Classic Platform switches that exposes user credentials through plaintext SNMP transmission. This article covers technical details, affected versions, impact, and mitigation strategies.

Published: April 10, 2026

CVE-2016-15058 Overview

CVE-2016-15058 is a credential exposure vulnerability affecting Hirschmann HiLCOS Classic Platform switches. The vulnerability exists because user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the password synchronization feature is enabled. This design flaw allows attackers with local network access to sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to affected switches.

Critical Impact

Attackers on adjacent networks can intercept plaintext credentials via SNMP traffic sniffing, leading to complete administrative compromise of network infrastructure devices.

Affected Products

  • Hirschmann HiLCOS Classic Platform switches Classic L2E versions prior to 09.0.06
  • Hirschmann HiLCOS Classic Platform switches Classic L2P versions prior to 09.0.06
  • Hirschmann HiLCOS Classic Platform switches Classic L3E versions prior to 09.0.06
  • Hirschmann HiLCOS Classic Platform switches Classic L3P versions prior to 09.0.06
  • Hirschmann HiLCOS Classic Platform switches Classic L2B versions prior to 05.3.07

Discovery Timeline

  • 2026-04-03 - CVE-2016-15058 published to NVD
  • 2026-04-07 - Last updated in NVD database

Technical Details for CVE-2016-15058

Vulnerability Analysis

This vulnerability falls under CWE-257 (Storing Passwords in a Recoverable Format). The core issue stems from the password synchronization feature in Hirschmann HiLCOS Classic Platform switches, which ties user authentication credentials directly to SNMPv1/v2 community strings. When this feature is enabled, any change to user passwords automatically updates the corresponding SNMP community strings, and these credentials are subsequently transmitted over the network without encryption.

SNMPv1 and SNMPv2c protocols inherently lack encryption capabilities—community strings are sent in cleartext as part of the protocol specification. By linking authentication passwords to these community strings, the firmware creates a direct pathway for credential exposure. An attacker positioned on the same network segment can passively capture SNMP traffic using common network analysis tools and extract the community strings, which directly correspond to valid user passwords for switch administration.

Root Cause

The root cause is an insecure design decision to synchronize user authentication passwords with SNMPv1/v2 community strings. This creates a dual vulnerability: first, credentials are stored in a format that enables recovery (the SNMP community string), and second, these credentials are transmitted without encryption whenever SNMP operations occur. The firmware fails to maintain separation between authentication mechanisms, treating SNMP community strings as equivalent to administrative passwords despite the protocol's lack of confidentiality protections.

Attack Vector

The attack requires adjacent network access (AV:A), meaning the attacker must be positioned on the same local network segment as the target switch. The exploitation process is straightforward:

  1. The attacker positions themselves on the same network segment as the Hirschmann switch
  2. Using network packet capture tools, the attacker monitors SNMP traffic to and from the target device
  3. SNMPv1/v2 community strings are visible in plaintext within captured packets
  4. Because password synchronization is enabled, these community strings are identical to user passwords
  5. The attacker uses the recovered credentials to authenticate to the switch's administrative interface

Alternatively, if the attacker gains access to configuration backups or exports, the synchronized credentials may be extractable from stored configuration data.

Detection Methods for CVE-2016-15058

Indicators of Compromise

  • Unexpected SNMPv1/v2 traffic originating from unauthorized network hosts targeting switch management interfaces
  • Multiple failed authentication attempts followed by successful logins from unusual network locations
  • Unauthorized configuration changes on Hirschmann switches that cannot be attributed to known administrators
  • Network packet captures revealing SNMP community string queries from suspicious IP addresses

Detection Strategies

  • Deploy network intrusion detection systems (IDS) with rules to alert on cleartext SNMP traffic containing authentication attempts
  • Monitor switch logs for administrative access from unexpected source addresses or at unusual times
  • Implement network segmentation monitoring to detect lateral movement attempts following potential credential theft
  • Review SNMP access logs for unusual query patterns or unauthorized management station addresses

Monitoring Recommendations

  • Enable comprehensive logging on all Hirschmann switches and forward logs to a centralized SIEM for correlation
  • Configure alerts for any SNMPv1/v2 traffic on management VLANs where only SNMPv3 should be in use
  • Establish baseline administrative access patterns and alert on deviations
  • Periodically audit network captures on management segments for cleartext credential exposure
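
The SNMPv3-only alert and the capture audit recommended above can be implemented by reading the version field at the start of each SNMP message. The following is an added example, not code from the vendor or the advisory; the function names, addresses, and sample packets are constructed for illustration, and the check reports only the length of a cleartext community string, never its value.

```python
# Added example: flag cleartext SNMPv1/v2c where only SNMPv3 is expected (samples are constructed).
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def read_tlv(buf, pos):
    """Parse one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of payload")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return (version_name, community_length or None) for an SNMP UDP payload."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        vtag, ver, pos = read_tlv(body, 0)
        if tag != 0x30 or vtag != 0x02 or not ver:
            raise ValueError("not an SNMP message")
        version = int.from_bytes(ver, "big")
        if version in (0, 1):  # v1/v2c carry the community as a cleartext OCTET STRING
            ctag, community, _ = read_tlv(body, pos)
            if ctag != 0x04:
                raise ValueError("community missing")
            return VERSIONS[version], len(community)  # length only, never the value
        return VERSIONS.get(version, "unknown"), None
    except ValueError:
        return "malformed", None

def audit(packets):
    """packets: iterable of (src_ip, payload); return one alert per cleartext SNMP message."""
    hits = [(src, *classify(p)) for src, p in packets]
    return [{"src": s, "version": v, "community_len": n} for s, v, n in hits if n is not None]

def tlv(tag, val): return bytes([tag, len(val)]) + val  # builds the constructed samples only

PDU = tlv(0xA0, bytes.fromhex("0201010201000201003000"))  # empty GetRequest
SAMPLES = [
    ("192.0.2.10", tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"EXAMPLE") + PDU)),  # v2c
    ("192.0.2.11", tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"EXAMPLE") + PDU)),  # v1
    ("192.0.2.12", tlv(0x30, tlv(0x02, b"\x03"))),  # v3, truncated after the version field
    ("192.0.2.13", b"\x30\x05\x02"),                # malformed
]
```

In practice the (source, payload) pairs would come from UDP port 161/162 traffic seen on a tap or mirror port of the management VLAN.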

How to Mitigate CVE-2016-15058

Immediate Actions Required

  • Disable the password synchronization feature that links user passwords to SNMP community strings
  • Upgrade affected devices to patched firmware versions: 09.0.06 or later for Classic L2E, L2P, L3E, L3P switches; 05.3.07 or later for Classic L2B switches
  • Migrate from SNMPv1/v2c to SNMPv3, which provides authentication and encryption
  • Change all administrative passwords and SNMP community strings immediately if the feature was previously enabled

Patch Information

Hirschmann has released firmware updates that address this vulnerability. Affected organizations should upgrade to the following minimum versions:

  • Classic L2E, L2P, L3E, L3P switches: Version 09.0.06 or later
  • Classic L2B switches: Version 05.3.07 or later

For detailed patch information and firmware downloads, consult the Belden Security Bulletin. Additional vulnerability information is available from the CERT Vulnerability Note #507216 and the VulnCheck Advisory.

Workarounds

  • Disable password synchronization with SNMP community strings through the switch configuration interface until patches can be applied
  • Isolate switch management interfaces on dedicated, physically segmented management networks not accessible from general user VLANs
  • Implement strict access control lists (ACLs) limiting which hosts can communicate with switches via SNMP
  • Use out-of-band management networks where feasible to prevent credential sniffing from production network segments
  • Disable SNMPv1/v2c entirely and transition to SNMPv3 with authentication and privacy enabled

```
# Example: Restrict SNMP access via ACL (syntax varies by device)
# Only allow management station 10.0.1.100 to access SNMP
snmp access permit host 10.0.1.100
snmp access deny any
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Information Disclosure
  • Vendor/Tech: Hirschmann
  • Severity: HIGH
  • CVSS Score: 8.6
  • EPSS Probability: 0.00%
  • Known Exploited: No

CVSS Vector

  • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-257

Technical References

  • Belden Security Bulletin
  • CERT Vulnerability Note #507216
  • VulnCheck Advisory on Hirschmann SNMP

Related CVEs

  • CVE-2015-10148: Hirschmann HiLCOS Information Disclosure
  • CVE-2017-20237: Hirschmann HiVision Auth Bypass Flaw
  • CVE-2017-20233: Hirschmann HiLCOS Firewall Bypass Flaw
  • CVE-2022-4987: Hirschmann HiVision RCE Vulnerability