Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSiemensCVELIST:CVE-2020-28395
HistoryJan 12, 2021 - 12:00 a.m.

CVE-2020-28395

2021-01-1200:00:00
CWE-321
siemens
www.cve.org

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SCALANCE X-200RNA switch family",
    "versions": [
      {
        "version": "All versions < V3.2.7",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
    "versions": [
      {
        "version": "All versions < V4.1.0",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
nessus 1
cve 1
prion 1
ics 1
nvd
nvd
CVE-2020-28395
2021-01-12 21:15:18
nessus
nessus
Siemens SCALANCE X Switches Use of Hard-Coded Cryptographic Key (CVE-2020-28395)
2023-04-11 00:00:00
cve
cve
CVE-2020-28395
2021-01-12 21:15:18
prion
prion
Design/Logic Flaw
2021-01-12 21:15:00
ics
ics
Siemens SCALANCE X Switches (Update C)
2022-12-16 12:00:00

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON
Related for CVELIST:CVE-2020-28395
nvd1nessus1cve1prion1ics1