PT-2023-7596 · Siemens · Scalance X204Irt Pro+7

Publicado

2023-04-11

·

Atualizado

2023-04-20

·

CVE-2023-29054

CVSS v2.0

9.7

Alta

VetorAV:N/AC:L/Au:N/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions SCALANCE X200-4P IRT versions prior to V5.5.2 SCALANCE X201-3P IRT versions prior to V5.5.2 SCALANCE X201-3P IRT PRO versions prior to V5.5.2 SCALANCE X202-2IRT versions prior to V5.5.2 SCALANCE X202-2P IRT versions prior to V5.5.2 SCALANCE X202-2P IRT PRO versions prior to V5.5.2 SCALANCE X204IRT versions prior to V5.5.2 SCALANCE X204IRT PRO versions prior to V5.5.2 SCALANCE XF201-3P IRT versions prior to V5.5.2 SCALANCE XF202-2P IRT versions prior to V5.5.2 SCALANCE XF204-2BA IRT versions prior to V5.5.2 SCALANCE XF204IRT versions prior to V5.5.2 SIPLUS NET SCALANCE X202-2P IRT versions prior to V5.5.2
Description The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. The vulnerability is related to insufficient encryption strength.
Recommendations For SCALANCE X200-4P IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X201-3P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X202-2IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X202-2P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X204IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE X204IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE XF201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE XF202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE XF204-2BA IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SCALANCE XF204IRT versions prior to V5.5.2, update to version V5.5.2 or later. For SIPLUS NET SCALANCE X202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

BDU:2023-08656
CVE-2023-29054

Produtos afetados

Scalance X200-4P Irt
Scalance X201-3P Irt
Scalance X201-3P Irt Pro
Scalance X202-2P Irt
Scalance X204Irt
Scalance X204Irt Pro
Scalance Xf204-2Ba Irt
Siplus Net Scalance X202-2P Irt