CVE-2020-28391

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02	Third Party Advisory US Government Resource Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2lh\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2lh\+:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\(e\/ip\):-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208g_\(e\/ip\):-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216-4c_g_\(e\/ip\):-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:siemens:scalance_xc224-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc224-4c_g_\(e\/ip\):-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND

cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND

cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND

cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND

cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND

cpe:2.3:o:siemens:scalance_xp208_\(eip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp208_\(eip\):-:*:*:*:*:*:*:*

Configuration 61 (hide)

AND

cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:*

Configuration 62 (hide)

AND

cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:*

Configuration 63 (hide)

AND

cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:*

Configuration 64 (hide)

AND

cpe:2.3:o:siemens:scalance_xp216_\(eip\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp216_\(eip\):-:*:*:*:*:*:*:*

Configuration 65 (hide)

AND

cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:*

Configuration 66 (hide)

AND

cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-12 21:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-28391

Mitre link : CVE-2020-28391

CVE.ORG link : CVE-2020-28391

JSON object : View

Products Affected

siemens

scalance_xc224-4c_g_eec
scalance_xf204-2_firmware
scalance_xc206-2sfp_eec_firmware
scalance_xc206-2
scalance_x310
scalance_xc208eec_firmware
scalance_xf204_firmware
scalance_x201-3pirt
scalance_xc224-4c_g_
scalance_xc206-2sfp_g_eec_firmware
scalance_x202-2pirt_firmware
scalance_x320-3ldfe_firmware
scalance_xb213-3ld_firmware
scalance_xc224-4c_g_\(e\/ip\)_firmware
scalance_xf204-2ba_irt_firmware
scalance_xb216_firmware
scalance_x310fe
scalance_xc208g_\(e\/ip\)
scalance_xb205-3_firmware
scalance_x202-2pirt_siplus_net_firmware
scalance_x310fe_firmware
scalance_x308-2m_ts_firmware
scalance_xp208eec_firmware
scalance_x308-2m
scalance_xf206-1_firmware
scalance_xp208_\(eip\)
scalance_xc208g_eec
scalance_xb213-3ld
scalance_xc208g_\(e\/ip\)_firmware
scalance_xc208g_eec_firmware
scalance_xc216
scalance_xc208_firmware
scalance_xp216eec
scalance_x310_firmware
scalance_x308-2m_ts
scalance_xf206-1
scalance_xf204
scalance_x308-2
scalance_xc216-4c_g_\(e\/ip\)
scalance_xp208_firmware
scalance_x202-2pirt_siplus_net
scalance_xp216eec_firmware
scalance_xc216-4c_g_eec
scalance_x307-3ld_firmware
scalance_x202-2pirt
scalance_x308-2lh_firmware
scalance_xc206-2g_poe_
scalance_x308-2lh
scalance_x308-2lh\+_firmware
scalance_x200-4pirt_firmware
scalance_xc208g_poe_firmware
scalance_xb205-3ld
scalance_x320-1fe
scalance_xc206-2sfp_g
scalance_xf204-2ba_dna
scalance_xf208_firmware
scalance_x307-3ld
scalance_xc206-2_firmware
scalance_xc206-2sfp_eec
scalance_x202-2irt_firmware
scalance_xc206-2sfp_g_firmware
scalance_xb208
scalance_xf202-2p_irt_firmware
scalance_xf208
scalance_xf201-3p_irt
scalance_xf204irt
scalance_xc206-2g_poe_eec_firmware
scalance_xp208poe_eec_firmware
scalance_x308-2ld_firmware
scalance_xb213-3_firmware
scalance_xp216poe_eec
scalance_xb205-3
scalance_xc216-4c_g
scalance_x308-2_firmware
scalance_xc206-2g_poe__firmware
scalance_xp216poe_eec_firmware
scalance_x320-3ldfe
scalance_xc224__firmware
scalance_xp216_\(eip\)_firmware
scalance_xp216_\(eip\)
scalance_xc224-4c_g__firmware
scalance_xp216
scalance_xf204_dna
scalance_xb213-3
scalance_xc216-4c
scalance_x308-2m_firmware
scalance_x201-3pirt_firmware
scalance_xc224-4c_g_eec_firmware
scalance_xc224-4c_g_\(e\/ip\)
scalance_xp208
scalance_xc206-2g_poe_eec
scalance_xc224_
scalance_x204irt_firmware
scalance_xb205-3ld_firmware
scalance_xc208
scalance_xf204_dna_firmware
scalance_xc206-2sfp
scalance_xc206-2sfp_g_\(e\/ip\)_firmware
scalance_xc216_firmware
scalance_xc206-2sfp_g_\(e\/ip\)
scalance_xp208poe_eec
scalance_xc208g_poe
scalance_xf204-2ba_irt
scalance_xc208g_firmware
scalance_xc208eec
scalance_xc216eec
scalance_xc208g
scalance_xf201-3p_irt_firmware
scalance_xb216
scalance_xf202-2p_irt
scalance_xc216-4c_firmware
scalance_xc216eec_firmware
scalance_x307-3_firmware
scalance_x200-4pirt
scalance_x202-2irt
scalance_xp216_firmware
scalance_xc216-4c_g_\(e\/ip\)_firmware
scalance_xp208eec
scalance_xc216-4c_g_firmware
scalance_xb208_firmware
scalance_x308-2lh\+
scalance_xf204-2
scalance_x320-1fe_firmware
scalance_xp208_\(eip\)_firmware
scalance_xc206-2sfp_g_eec
scalance_xf204irt_firmware
scalance_x204irt
scalance_x308-2ld
scalance_xc206-2sfp_firmware
scalance_xc216-4c_g_eec_firmware
scalance_x307-3
scalance_xf204-2ba_dna_firmware

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-28391

5.9^/10

4.3^/10

Attach tags to `CVE-2020-28391`