7.4

CVE-2023-29054

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.

This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensScalance X200-4p Irt Firmware Version < 5.5.2
   SiemensScalance X200-4p Irt Version-
SiemensScalance X201-3p Irt Firmware Version < 5.5.2
   SiemensScalance X201-3p Irt Version-
SiemensScalance X202-2irt Firmware Version < 5.5.2
   SiemensScalance X202-2irt Version-
SiemensScalance X202-2irt Firmware Version < 5.5.2
   SiemensScalance X202-2irt Version-
SiemensScalance X202-2p Irt Firmware Version < 5.5.2
   SiemensScalance X202-2p Irt Version-
SiemensScalance X204irt Firmware Version < 5.5.2
   SiemensScalance X204irt Version-
SiemensScalance X204irt Firmware Version < 5.5.2
   SiemensScalance X204irt Version-
SiemensScalance X204irt Pro Firmware Version < 5.5.2
   SiemensScalance X204irt Pro Version-
SiemensScalance Xf204irt Firmware Version < 5.5.2
   SiemensScalance Xf204irt Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.166
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
productcert@siemens.com 6.7 1.2 5.5
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf
Vendor Advisory