5.9

CVE-2020-28391

EPSS 0.15%
Published 12.01.2021 21:15:18
Last modified 21.11.2024 05:22:42
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance X200-4pirt Firmware Version < 5.5.0

Siemens ≫ Scalance X200-4pirt Version-

Siemens ≫ Scalance X201-3pirt Firmware Version < 5.5.0

Siemens ≫ Scalance X201-3pirt Version-

Siemens ≫ Scalance X202-2irt Firmware Version < 5.5.0

Siemens ≫ Scalance X202-2irt Version-

Siemens ≫ Scalance X202-2pirt Firmware Version < 5.5.0

Siemens ≫ Scalance X202-2pirt Version-

Siemens ≫ Scalance X202-2pirt Siplus Net Firmware Version < 5.5.0

Siemens ≫ Scalance X202-2pirt Siplus Net Version-

Siemens ≫ Scalance X204irt Firmware Version < 5.5.0

Siemens ≫ Scalance X204irt Version-

Siemens ≫ Scalance X307-3 Firmware

Siemens ≫ Scalance X307-3 Version-

Siemens ≫ Scalance X307-3ld Firmware

Siemens ≫ Scalance X307-3ld Version-

Siemens ≫ Scalance X308-2 Firmware

Siemens ≫ Scalance X308-2 Version-

Siemens ≫ Scalance X308-2ld Firmware

Siemens ≫ Scalance X308-2ld Version-

Siemens ≫ Scalance X308-2lh Firmware

Siemens ≫ Scalance X308-2lh Version-

Siemens ≫ Scalance X308-2lh+ Firmware

Siemens ≫ Scalance X308-2lh+ Version-

Siemens ≫ Scalance X308-2m Firmware

Siemens ≫ Scalance X308-2m Version-

Siemens ≫ Scalance X308-2m Ts Firmware

Siemens ≫ Scalance X308-2m Ts Version-

Siemens ≫ Scalance X310 Firmware

Siemens ≫ Scalance X310 Version-

Siemens ≫ Scalance X310fe Firmware

Siemens ≫ Scalance X310fe Version-

Siemens ≫ Scalance X320-1fe Firmware

Siemens ≫ Scalance X320-1fe Version-

Siemens ≫ Scalance X320-3ldfe Firmware

Siemens ≫ Scalance X320-3ldfe Version-

Siemens ≫ Scalance Xb205-3 Firmware Version < 5.2.5

Siemens ≫ Scalance Xb205-3 Version-

Siemens ≫ Scalance Xb205-3ld Firmware Version < 5.2.5

Siemens ≫ Scalance Xb205-3ld Version-

Siemens ≫ Scalance Xb208 Firmware Version < 5.2.5

Siemens ≫ Scalance Xb208 Version-

Siemens ≫ Scalance Xb213-3 Firmware Version < 5.2.5

Siemens ≫ Scalance Xb213-3 Version-

Siemens ≫ Scalance Xb213-3ld Firmware Version < 5.2.5

Siemens ≫ Scalance Xb213-3ld Version-

Siemens ≫ Scalance Xb216 Firmware Version < 5.2.5

Siemens ≫ Scalance Xb216 Version-

Siemens ≫ Scalance Xc206-2 Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2 Version-

Siemens ≫ Scalance Xc206-2g Poe Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2g Poe Version-

Siemens ≫ Scalance Xc206-2g Poe Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2g Poe Eec Version-

Siemens ≫ Scalance Xc206-2sfp Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2sfp Version-

Siemens ≫ Scalance Xc206-2sfp Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2sfp Eec Version-

Siemens ≫ Scalance Xc206-2sfp G Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2sfp G Version-

Siemens ≫ Scalance Xc206-2sfp G (e/ip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2sfp G (e/ip) Version-

Siemens ≫ Scalance Xc206-2sfp G Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc206-2sfp G Eec Version-

Siemens ≫ Scalance Xc208 Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208 Version-

Siemens ≫ Scalance Xc208eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208eec Version-

Siemens ≫ Scalance Xc208g Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208g Version-

Siemens ≫ Scalance Xc208g (e/ip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208g (e/ip) Version-

Siemens ≫ Scalance Xc208g Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208g Eec Version-

Siemens ≫ Scalance Xc208g Poe Firmware Version < 5.2.5

Siemens ≫ Scalance Xc208g Poe Version-

Siemens ≫ Scalance Xc216 Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216 Version-

Siemens ≫ Scalance Xc216-4c Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216-4c Version-

Siemens ≫ Scalance Xc216-4c G Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216-4c G Version-

Siemens ≫ Scalance Xc216-4c G (e/ip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216-4c G (e/ip) Version-

Siemens ≫ Scalance Xc216-4c G Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216-4c G Eec Version-

Siemens ≫ Scalance Xc216eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc216eec Version-

Siemens ≫ Scalance Xc224-4c G Firmware Version < 5.2.5

Siemens ≫ Scalance Xc224-4c G Version-

Siemens ≫ Scalance Xc224-4c G (e/ip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xc224-4c G (e/ip) Version-

Siemens ≫ Scalance Xc224-4c G Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xc224-4c G Eec Version-

Siemens ≫ Scalance Xc224 Firmware Version < 5.2.5

Siemens ≫ Scalance Xc224 Version-

Siemens ≫ Scalance Xf201-3p Irt Firmware Version < 5.2.5

Siemens ≫ Scalance Xf201-3p Irt Version-

Siemens ≫ Scalance Xf202-2p Irt Firmware Version < 5.2.5

Siemens ≫ Scalance Xf202-2p Irt Version-

Siemens ≫ Scalance Xf204 Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204 Version-

Siemens ≫ Scalance Xf204-2 Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204-2 Version-

Siemens ≫ Scalance Xf204-2ba Dna Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204-2ba Dna Version-

Siemens ≫ Scalance Xf204-2ba Irt Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204-2ba Irt Version-

Siemens ≫ Scalance Xf204 Dna Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204 Dna Version-

Siemens ≫ Scalance Xf204irt Firmware Version < 5.2.5

Siemens ≫ Scalance Xf204irt Version-

Siemens ≫ Scalance Xf206-1 Firmware Version < 5.2.5

Siemens ≫ Scalance Xf206-1 Version-

Siemens ≫ Scalance Xf208 Firmware Version < 5.2.5

Siemens ≫ Scalance Xf208 Version-

Siemens ≫ Scalance Xp208 Firmware Version < 5.2.5

Siemens ≫ Scalance Xp208 Version-

Siemens ≫ Scalance Xp208 (eip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xp208 (eip) Version-

Siemens ≫ Scalance Xp208eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xp208eec Version-

Siemens ≫ Scalance Xp208poe Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xp208poe Eec Version-

Siemens ≫ Scalance Xp216 Firmware Version < 5.2.5

Siemens ≫ Scalance Xp216 Version-

Siemens ≫ Scalance Xp216 (eip) Firmware Version < 5.2.5

Siemens ≫ Scalance Xp216 (eip) Version-

Siemens ≫ Scalance Xp216eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xp216eec Version-

Siemens ≫ Scalance Xp216poe Eec Firmware Version < 5.2.5

Siemens ≫ Scalance Xp216poe Eec Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.323

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02

Third Party Advisory

US Government Resource

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-28391

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28391

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28391

EUVD