VAR-201602-0175
Vulnerability from variot - Updated: 2025-04-13 23:09

The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. Because SNMP v1/v2 community strings are sent in cleartext, the administrative password is leaked to an attacker on the local network. The weakness is classified as CWE-257: Storing Passwords in a Recoverable Format (http://cwe.mitre.org/data/definitions/257.html); the National Vulnerability Database (NVD) publishes it as CWE-200. Belden describes the issue in more detail in its security advisory BSECV-2016-2.

Belden Hirschmann Classic Platform switches are a switch product from Belden Corporation of the United States. A security vulnerability exists in the password-sync function of the Belden Hirschmann Classic Platform. The following models and versions are affected: Belden Hirschmann Classic RS, RSR, MACH100, MACH1000, MACH4000, MS, and OCTOPUS 09.0.05 and earlier on the L2E, L2P, L3E, and L3P platforms, and RSB 05.3.06 and earlier on the Classic L2B platform.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hirschmann",
"scope": "eq",
"trust": 1.6,
"vendor": "belden",
"version": "05.3.06"
},
{
"model": "hirschmann l2b",
"scope": "eq",
"trust": 1.0,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "09.0.05"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "hirschmann classic layer 2 basic",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic layer 2 enhanced",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic layer 2 professional",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic layer 3 enhanced",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic layer 3 professional",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann",
"scope": "lt",
"trust": 0.8,
"vendor": "belden",
"version": "05.3.07"
},
{
"model": "hirschmann",
"scope": "lt",
"trust": 0.8,
"vendor": "belden",
"version": "09.0.06"
},
{
"model": "hirschmann classic platform switches l2b",
"scope": "lt",
"trust": 0.6,
"vendor": "belden",
"version": "05.3.07"
},
{
"model": "hirschmann classic platform switches l2e",
"scope": "lt",
"trust": 0.6,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic platform switches l2p",
"scope": "lt",
"trust": 0.6,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic platform switches l3e",
"scope": "lt",
"trust": 0.6,
"vendor": "belden",
"version": null
},
{
"model": "hirschmann classic platform switches l3p",
"scope": "lt",
"trust": 0.6,
"vendor": "belden",
"version": "09.0.06"
},
{
"model": "hirschmann",
"scope": "eq",
"trust": 0.6,
"vendor": "belden",
"version": "09.0.05"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507216"
},
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:belden:hirschmann_l2b",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:belden:hirschmann_l2e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:belden:hirschmann_l2p",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:belden:hirschmann_l3e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:belden:hirschmann_l3p",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:belden:hirschmann_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
}
]
},
"cve": "CVE-2016-2509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2016-2509",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-01335",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-91328",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2016-2509",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2509",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-2509",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2016-01335",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-359",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-91328",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. Therefore, an administrative password is leaked to an attacker on the local network. CWE-257: Storing Passwords in a Recoverable Format http://cwe.mitre.org/data/definitions/257.html In addition, National Vulnerability Database (NVD) Then CWE-200 It is published as Belden Is a security advisory BSECV-2016-2 In more detail on this issue. BeldenHirschmannClassicPlatformswitches is a switch product from Belden Corporation of the United States. A security vulnerability exists in the password-sync function of Belden Hirschmann Classic Platform. The following models and versions are affected: Belden Hirschmann Classic L2E, L2P, L3E, RS on L3P platforms, RSR, MACH100, MACH1000, MACH4000, MS, OCTOPUS 09.0.05 and earlier, RSB 05.3.06 and earlier on Classic L2B platforms previous version",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2509"
},
{
"db": "CERT/CC",
"id": "VU#507216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507216",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2016-2509",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU99862126",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01335",
"trust": 0.6
},
{
"db": "BID",
"id": "83267",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-91328",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507216"
},
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"id": "VAR-201602-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
}
],
"trust": 1.652380955
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01335"
}
]
},
"last_update_date": "2025-04-13T23:09:39.168000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BSECV-2016-2 - Passwords Synchronization with SNMP v1/v2 Communities",
"trust": 0.8,
"url": "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf"
},
{
"title": "YSAR-16-0001: Vnet/IP\u7528\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30a4\u30c3\u30c1\u306e\u7ba1\u7406\u8005\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u6f0f\u3048\u3044\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "BeldenHirschmannClassicPlatformswitchesL2B Patch for Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71937"
},
{
"title": "Belden Hirschmann Classic Platform Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60276"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91328"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.belden.com/resourcecenter/security/upload/belden_security_advisory_bsecv-2016-2_1v0.pdf"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/507216"
},
{
"trust": 0.8,
"url": "http://www.hirschmann.com/en/hirschmann_produkte/industrial_ethernet/workgroup-switches_mach100/index.phtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2509"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99862126/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2509"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#507216"
},
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#507216"
},
{
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"db": "VULHUB",
"id": "VHN-91328"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-16T00:00:00",
"db": "CERT/CC",
"id": "VU#507216"
},
{
"date": "2016-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-91328"
},
{
"date": "2016-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"date": "2016-02-18T22:59:07.853000",
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-09T00:00:00",
"db": "CERT/CC",
"id": "VU#507216"
},
{
"date": "2016-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01335"
},
{
"date": "2016-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-91328"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001441"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-359"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2509"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hirschmann \"Classic Platform\" switches reveal administrator password in SNMP community string by default",
"sources": [
{
"db": "CERT/CC",
"id": "VU#507216"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-359"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.