CVE-2016-15058
HIGHCVSS v3
8.1
HIGH
EPSS Score
—
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 4/3/2026
- Last Modified
- 4/7/2026
Frequently Asked Questions
What is CVE-2016-15058?
Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability where user passwords are synchronized with SNMPv1/v2 community strings and transmitted in plaintext when the feature is enabled. Attackers with local network access can sniff SNMP traffic or extract configuration data to recover plaintext credentials and gain unauthorized administrative access to the switches.
Is CVE-2016-15058 actively exploited?
Active exploitation of CVE-2016-15058 has not been confirmed. The EPSS score is N/A%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2016-15058?
CVE-2016-15058 has a CVSS v3 base score of 8.1 (HIGH severity), with vector string 3.1.
Is CVE-2016-15058 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.