Hirschmann HiLCOS Default SSH and SSL Keys Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in Hirschmann HiLCOS devices, specifically in the OpenBAT, WLC, BAT300, and BAT54 product lines prior to version 8.80, and in OpenBAT prior to 9.10. These devices ship with identical default SSH and SSL keys that cannot be changed. Because the same private keys are present on every affected device, an unauthenticated remote attacker who obtains them from any one unit can decrypt or intercept encrypted management communications to any other. Exploitation could lead to man-in-the-middle attacks in which the attacker impersonates a device and gains access to sensitive information.

Impact

Exploitation of this vulnerability could result in successful man-in-the-middle attacks, interception or decryption of encrypted communications, and unauthorized access to sensitive information.

Remediation

Users are advised to upgrade to HiLCOS version 9.10, or to version 8.80 and higher. For BAT54Client devices, no update is available; instead, apply the described workaround after each configuration reset. Instructions for generating unique SSH and SSL keys can be found in the Hirschmann Configuration and Administration Guide.
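Because the root cause is a host key shared across many units, the practical check after applying the remediation is to confirm that no two managed devices still present the same SSH host key. The script below is an added example, not code from Hirschmann or from this advisory: it parses ssh-keyscan style output (assumed format `host keytype base64-blob`), computes OpenSSH-style SHA256 fingerprints, and reports any fingerprint seen on more than one host. The host addresses and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample data: two devices still presenting one shared key blob,
# one device with a unique key. These are not real Hirschmann keys.
SHARED_BLOB = base64.b64encode(b"constructed-shared-default-key").decode()
UNIQUE_BLOB = base64.b64encode(b"constructed-unique-key-192.0.2.12").decode()
SAMPLE_KEYSCAN = f"""\
# 192.0.2.10:22 SSH-2.0-OpenSSH
192.0.2.10 ssh-rsa {SHARED_BLOB}
# 192.0.2.11:22 SSH-2.0-OpenSSH
192.0.2.11 ssh-rsa {SHARED_BLOB}
192.0.2.12 ssh-rsa {UNIQUE_BLOB}
"""


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(raw key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str) -> list:
    """Yield (host, keytype, blob) from keyscan output, skipping '#' comment lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; ignore rather than crash the audit
        entries.append((parts[0], parts[1], parts[2]))
    return entries


def find_shared_host_keys(text: str) -> dict:
    """Map fingerprint -> hosts, keeping only fingerprints seen on more than one host."""
    by_fp = defaultdict(list)
    for host, _keytype, blob in parse_keyscan(text):
        fp = fingerprint(blob)
        if host not in by_fp[fp]:
            by_fp[fp].append(host)
    return {fp: hosts for fp, hosts in by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{fp} is shared by: {', '.join(hosts)}")
```

On a real inventory, feed the script the output of `ssh-keyscan` run against the management addresses; any fingerprint reported for more than one device indicates units that have not yet received unique keys.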

Added: Apr 3, 2026, 10:21 PM
Updated: Apr 3, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.