Lucene search

[email protected]NVD:CVE-2020-28391

HistoryJan 12, 2021 - 9:15 p.m.

CVE-2020-28391

2021-01-1221:15:18

CWE-321

CWE-798

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

Affected configurations

NVD

Node

siemensscalance_x200-4pirtMatch-

AND

siemensscalance_x200-4pirt_firmwareRange<5.5.0

Node

siemensscalance_x201-3pirtMatch-

AND

siemensscalance_x201-3pirt_firmwareRange<5.5.0

Node

siemensscalance_x202-2irtMatch-

AND

siemensscalance_x202-2irt_firmwareRange<5.5.0

Node

siemensscalance_x202-2pirtMatch-

AND

siemensscalance_x202-2pirt_firmwareRange<5.5.0

Node

siemensscalance_x202-2pirt_siplus_netMatch-

AND

siemensscalance_x202-2pirt_siplus_net_firmwareRange<5.5.0

Node

siemensscalance_x204irtMatch-

AND

siemensscalance_x204irt_firmwareRange<5.5.0

Node

siemensscalance_x307-3Match-

AND

siemensscalance_x307-3_firmware

Node

siemensscalance_x307-3ldMatch-

AND

siemensscalance_x307-3ld_firmware

Node

siemensscalance_x308-2_firmware

AND

siemensscalance_x308-2Match-

Node

siemensscalance_x308-2ld_firmware

AND

siemensscalance_x308-2ldMatch-

Node

siemensscalance_x308-2lh_firmware

AND

siemensscalance_x308-2lhMatch-

Node

siemensscalance_x308-2lh\+_firmware

AND

siemensscalance_x308-2lh\+Match-

Node

siemensscalance_x308-2m_firmware

AND

siemensscalance_x308-2mMatch-

Node

siemensscalance_x308-2m_ts_firmware

AND

siemensscalance_x308-2m_tsMatch-

Node

siemensscalance_x310_firmware

AND

siemensscalance_x310Match-

Node

siemensscalance_x310fe_firmware

AND

siemensscalance_x310feMatch-

Node

siemensscalance_x320-1fe_firmware

AND

siemensscalance_x320-1feMatch-

Node

siemensscalance_x320-3ldfe_firmware

AND

siemensscalance_x320-3ldfeMatch-

Node

siemensscalance_xb205-3_firmwareRange<5.2.5

AND

siemensscalance_xb205-3Match-

Node

siemensscalance_xb205-3ld_firmwareRange<5.2.5

AND

siemensscalance_xb205-3ldMatch-

Node

siemensscalance_xb208_firmwareRange<5.2.5

AND

siemensscalance_xb208Match-

Node

siemensscalance_xb213-3_firmwareRange<5.2.5

AND

siemensscalance_xb213-3Match-

Node

siemensscalance_xb213-3ld_firmwareRange<5.2.5

AND

siemensscalance_xb213-3ldMatch-

Node

siemensscalance_xb216_firmwareRange<5.2.5

AND

siemensscalance_xb216Match-

Node

siemensscalance_xc206-2_firmwareRange<5.2.5

AND

siemensscalance_xc206-2Match-

Node

siemensscalance_xc206-2g_poe__firmwareRange<5.2.5

AND

siemensscalance_xc206-2g_poe_Match-

Node

siemensscalance_xc206-2g_poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2g_poe_eecMatch-

Node

siemensscalance_xc206-2sfp_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfpMatch-

Node

siemensscalance_xc206-2sfp_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_eecMatch-

Node

siemensscalance_xc206-2sfp_g_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_gMatch-

Node

siemensscalance_xc206-2sfp_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_g_\(e\/ip\)Match-

Node

siemensscalance_xc206-2sfp_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc206-2sfp_g_eecMatch-

Node

siemensscalance_xc208_firmwareRange<5.2.5

AND

siemensscalance_xc208Match-

Node

siemensscalance_xc208eec_firmwareRange<5.2.5

AND

siemensscalance_xc208eecMatch-

Node

siemensscalance_xc208g_firmwareRange<5.2.5

AND

siemensscalance_xc208gMatch-

Node

siemensscalance_xc208g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc208g_\(e\/ip\)Match-

Node

siemensscalance_xc208g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc208g_eecMatch-

Node

siemensscalance_xc208g_poe_firmwareRange<5.2.5

AND

siemensscalance_xc208g_poeMatch-

Node

siemensscalance_xc216_firmwareRange<5.2.5

AND

siemensscalance_xc216Match-

Node

siemensscalance_xc216-4c_firmwareRange<5.2.5

AND

siemensscalance_xc216-4cMatch-

Node

siemensscalance_xc216-4c_g_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_gMatch-

Node

siemensscalance_xc216-4c_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_g_\(e\/ip\)Match-

Node

siemensscalance_xc216-4c_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc216-4c_g_eecMatch-

Node

siemensscalance_xc216eec_firmwareRange<5.2.5

AND

siemensscalance_xc216eecMatch-

Node

siemensscalance_xc224-4c_g__firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_Match-

Node

siemensscalance_xc224-4c_g_\(e\/ip\)_firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_\(e\/ip\)Match-

Node

siemensscalance_xc224-4c_g_eec_firmwareRange<5.2.5

AND

siemensscalance_xc224-4c_g_eecMatch-

Node

siemensscalance_xc224__firmwareRange<5.2.5

AND

siemensscalance_xc224_Match-

Node

siemensscalance_xf201-3p_irt_firmwareRange<5.2.5

AND

siemensscalance_xf201-3p_irtMatch-

Node

siemensscalance_xf202-2p_irt_firmwareRange<5.2.5

AND

siemensscalance_xf202-2p_irtMatch-

Node

siemensscalance_xf204_firmwareRange<5.2.5

AND

siemensscalance_xf204Match-

Node

siemensscalance_xf204-2_firmwareRange<5.2.5

AND

siemensscalance_xf204-2Match-

Node

siemensscalance_xf204-2ba_dna_firmwareRange<5.2.5

AND

siemensscalance_xf204-2ba_dnaMatch-

Node

siemensscalance_xf204-2ba_irt_firmwareRange<5.2.5

AND

siemensscalance_xf204-2ba_irtMatch-

Node

siemensscalance_xf204_dna_firmwareRange<5.2.5

AND

siemensscalance_xf204_dnaMatch-

Node

siemensscalance_xf204irt_firmwareRange<5.2.5

AND

siemensscalance_xf204irtMatch-

Node

siemensscalance_xf206-1_firmwareRange<5.2.5

AND

siemensscalance_xf206-1Match-

Node

siemensscalance_xf208_firmwareRange<5.2.5

AND

siemensscalance_xf208Match-

Node

siemensscalance_xp208_firmwareRange<5.2.5

AND

siemensscalance_xp208Match-

Node

siemensscalance_xp208_\(eip\)_firmwareRange<5.2.5

AND

siemensscalance_xp208_\(eip\)Match-

Node

siemensscalance_xp208eec_firmwareRange<5.2.5

AND

siemensscalance_xp208eecMatch-

Node

siemensscalance_xp208poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xp208poe_eecMatch-

Node

siemensscalance_xp216_firmwareRange<5.2.5

AND

siemensscalance_xp216Match-

Node

siemensscalance_xp216_\(eip\)_firmwareRange<5.2.5

AND

siemensscalance_xp216_\(eip\)Match-

Node

siemensscalance_xp216eec_firmwareRange<5.2.5

AND

siemensscalance_xp216eecMatch-

Node

siemensscalance_xp216poe_eec_firmwareRange<5.2.5

AND

siemensscalance_xp216poe_eecMatch-

References

cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf

us-cert.cisa.gov/ics/advisories/icsa-21-012-02

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON

Related for NVD:CVE-2020-28391

prion1 cvelist1 cve1 nessus1 ics1