CVE-2015-10148
HIGHCVSS v3
8.2
HIGH
EPSS Score
—
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 4/3/2026
- Last Modified
- 4/7/2026
Frequently Asked Questions
What is CVE-2015-10148?
Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices.
Is CVE-2015-10148 actively exploited?
Active exploitation of CVE-2015-10148 has not been confirmed. The EPSS score is N/A%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2015-10148?
CVE-2015-10148 has a CVSS v3 base score of 8.2 (HIGH severity), with vector string 3.1.
Is CVE-2015-10148 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.