CVE-2020-28391

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
siemensscalance_x200-4pirt_firmware
𝑥
< 5.5.0
siemensscalance_x201-3pirt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2irt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2pirt_firmware
𝑥
< 5.5.0
siemensscalance_x202-2pirt_siplus_net_firmware
𝑥
< 5.5.0
siemensscalance_x204irt_firmware
𝑥
< 5.5.0
siemensscalance_x307-3_firmware
*
siemensscalance_x307-3ld_firmware
*
siemensscalance_x308-2_firmware
*
siemensscalance_x308-2ld_firmware
*
siemensscalance_x308-2lh_firmware
*
siemensscalance_x308-2lh\+_firmware
*
siemensscalance_x308-2m_firmware
*
siemensscalance_x308-2m_ts_firmware
*
siemensscalance_x310_firmware
*
siemensscalance_x310fe_firmware
*
siemensscalance_x320-1fe_firmware
*
siemensscalance_x320-3ldfe_firmware
*
siemensscalance_xb205-3_firmware
𝑥
< 5.2.5
siemensscalance_xb205-3ld_firmware
𝑥
< 5.2.5
siemensscalance_xb208_firmware
𝑥
< 5.2.5
siemensscalance_xb213-3_firmware
𝑥
< 5.2.5
siemensscalance_xb213-3ld_firmware
𝑥
< 5.2.5
siemensscalance_xb216_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2g_poe__firmware
𝑥
< 5.2.5
siemensscalance_xc206-2g_poe_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc206-2sfp_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208_firmware
𝑥
< 5.2.5
siemensscalance_xc208eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc208g_poe_firmware
𝑥
< 5.2.5
siemensscalance_xc216_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc216-4c_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc216eec_firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g__firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g_\(e\/ip\)_firmware
𝑥
< 5.2.5
siemensscalance_xc224-4c_g_eec_firmware
𝑥
< 5.2.5
siemensscalance_xc224__firmware
𝑥
< 5.2.5
siemensscalance_xf201-3p_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf202-2p_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf204_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2ba_dna_firmware
𝑥
< 5.2.5
siemensscalance_xf204-2ba_irt_firmware
𝑥
< 5.2.5
siemensscalance_xf204_dna_firmware
𝑥
< 5.2.5
siemensscalance_xf204irt_firmware
𝑥
< 5.2.5
siemensscalance_xf206-1_firmware
𝑥
< 5.2.5
siemensscalance_xf208_firmware
𝑥
< 5.2.5
siemensscalance_xp208_firmware
𝑥
< 5.2.5
siemensscalance_xp208_\(eip\)_firmware
𝑥
< 5.2.5
siemensscalance_xp208eec_firmware
𝑥
< 5.2.5
siemensscalance_xp208poe_eec_firmware
𝑥
< 5.2.5
siemensscalance_xp216_firmware
𝑥
< 5.2.5
siemensscalance_xp216_\(eip\)_firmware
𝑥
< 5.2.5
siemensscalance_xp216eec_firmware
𝑥
< 5.2.5
siemensscalance_xp216poe_eec_firmware
𝑥
< 5.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02