PT-2023-6990 · Siemens · Scalance Xb205-3
Published 2023-11-14 · Updated 2025-01-15 · CVE-2023-44318
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
SCALANCE XB205-3 (SC, PN) versions prior to V4.5
SCALANCE XB205-3 (ST, E/IP) versions prior to V4.5
Description
The issue is related to the use of a hardcoded cryptographic key in the software of industrial switches. This could allow a remote attacker to gain unauthorized access to protected information. Affected devices use this key to obfuscate configuration backups that administrators can export, potentially enabling an authenticated attacker with administrative privileges or an attacker who obtains a configuration backup to extract configuration information from the exported file.
Recommendations
For SCALANCE XB205-3 (SC, PN) versions prior to V4.5, update to version V4.5 or later to resolve the issue.
For SCALANCE XB205-3 (ST, E/IP) versions prior to V4.5, update to version V4.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to configuration backups and limiting administrative privileges to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Scalance Xb205-3