CVE-2023-29054

EPSS 0.1%
Published 11.04.2023 10:15:18
Last modified 21.11.2024 07:56:27
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.

This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance X200-4p Irt Firmware Version < 5.5.2

Siemens ≫ Scalance X200-4p Irt Version-

Siemens ≫ Scalance X201-3p Irt Firmware Version < 5.5.2

Siemens ≫ Scalance X201-3p Irt Version-

Siemens ≫ Scalance X201-3p Irt Pro Firmware Version < 5.5.2

Siemens ≫ Scalance X201-3p Irt Pro Version-

Siemens ≫ Scalance X202-2irt Firmware Version < 5.5.2

Siemens ≫ Scalance X202-2irt Version-

Siemens ≫ Scalance X202-2irt Firmware Version < 5.5.2

Siemens ≫ Scalance X202-2irt Version-

Siemens ≫ Scalance X202-2p Irt Firmware Version < 5.5.2

Siemens ≫ Scalance X202-2p Irt Version-

Siemens ≫ Scalance X202-2p Irt Pro Firmware Version < 5.5.2

Siemens ≫ Scalance X202-2p Irt Pro Version-

Siemens ≫ Scalance X204irt Firmware Version < 5.5.2

Siemens ≫ Scalance X204irt Version-

Siemens ≫ Scalance X204irt Firmware Version < 5.5.2

Siemens ≫ Scalance X204irt Version-

Siemens ≫ Scalance X204irt Pro Firmware Version < 5.5.2

Siemens ≫ Scalance X204irt Pro Version-

Siemens ≫ Scalance Xf201-3p Irt Firmware Version < 5.5.2

Siemens ≫ Scalance Xf201-3p Irt Version-

Siemens ≫ Scalance Xf202-2p Irt Firmware Version < 5.5.2

Siemens ≫ Scalance Xf202-2p Irt Version-

Siemens ≫ Scalance Xf204-2ba Irt Firmware Version < 5.5.2

Siemens ≫ Scalance Xf204-2ba Irt Version-

Siemens ≫ Scalance Xf204irt Firmware Version < 5.5.2

Siemens ≫ Scalance Xf204irt Version-

Siemens ≫ Siplus Net Scalance X202-2p Irt Firmware Version < 5.5.2

Siemens ≫ Siplus Net Scalance X202-2p Irt Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.28

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
productcert@siemens.com	6.7	1.2	5.5	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29054

EUVD