7.4
CVE-2023-29054
- EPSS 0.26%
- Veröffentlicht 11.04.2023 10:15:18
- Zuletzt bearbeitet 21.11.2024 07:56:27
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Scalance X200-4p Irt Firmware Version < 5.5.2
Siemens ≫ Scalance X201-3p Irt Firmware Version < 5.5.2
Siemens ≫ Scalance X201-3p Irt Pro Firmware Version < 5.5.2
Siemens ≫ Scalance X202-2irt Firmware Version < 5.5.2
Siemens ≫ Scalance X202-2irt Firmware Version < 5.5.2
Siemens ≫ Scalance X202-2p Irt Firmware Version < 5.5.2
Siemens ≫ Scalance X202-2p Irt Pro Firmware Version < 5.5.2
Siemens ≫ Scalance X204irt Firmware Version < 5.5.2
Siemens ≫ Scalance X204irt Firmware Version < 5.5.2
Siemens ≫ Scalance X204irt Pro Firmware Version < 5.5.2
Siemens ≫ Scalance Xf201-3p Irt Firmware Version < 5.5.2
Siemens ≫ Scalance Xf202-2p Irt Firmware Version < 5.5.2
Siemens ≫ Scalance Xf204-2ba Irt Firmware Version < 5.5.2
Siemens ≫ Scalance Xf204irt Firmware Version < 5.5.2
Siemens ≫ Siplus Net Scalance X202-2p Irt Firmware Version < 5.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.166 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| productcert@siemens.com | 6.7 | 1.2 | 5.5 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf