CVE-2019-6567

Name of the Vulnerable Software and Affected Versions SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.4 SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0 SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) versions prior to V4.1.3 SCALANCE X-414-3E (all versions)

Description A vulnerability has been identified where affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration, impacting the confidentiality of the stored passwords. Successful exploitation requires access to a device configuration backup.

Recommendations For SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.4, update to version V5.2.4 or later to resolve the issue. For SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0, update to version V5.5.0 or later to resolve the issue. For SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) versions prior to V4.1.3, update to version V4.1.3 or later to resolve the issue. For SCALANCE X-414-3E, at the moment, there is no information about a newer version that contains a fix for this vulnerability.