5.9
CVE-2020-28395
- EPSS 0.17%
- Veröffentlicht 12.01.2021 21:15:18
- Zuletzt bearbeitet 21.11.2024 05:22:42
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Scalance Xr324-12m Firmware Version < 4.1.0
Siemens ≫ Scalance Xr324-12m Ts Firmware Version < 4.1.0
Siemens ≫ Scalance Xr324-4m Eec Firmware Version < 4.1.0
Siemens ≫ Scalance Xr324-4m Poe Firmware Version < 4.1.0
Siemens ≫ Scalance Xr324-4m Poe Ts Firmware Version < 4.1.0
Siemens ≫ Scalance Xr324wg Firmware Version < 4.1.0
Siemens ≫ Scalance Xr326-2c Poe Wg Firmware Version < 4.1.0
Siemens ≫ Scalance Xr328-4c Wg Firmware Version < 4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.35 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.