PT-2021-2203 · Siemens · Scalance X-300+2
Published
2021-01-12
·
Updated
2022-12-13
·
CVE-2020-28395
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SCALANCE X-200 versions prior to V3.2.7
SCALANCE X-200IRT versions prior to V3.2.7
SCALANCE X-300 versions prior to V4.1.0
Description:
The issue is related to the reset function of industrial switches, which does not generate a new cryptographic key after a factory reset. This could allow a remote attacker to elevate their privileges and potentially lead to a man-in-the-middle situation, enabling them to decrypt previously captured traffic.
Recommendations:
For SCALANCE X-200 versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X-200IRT versions prior to V3.2.7, update to version V3.2.7 or later.
For SCALANCE X-300 versions prior to V4.1.0, update to version V4.1.0 or later.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Scalance X-200
Scalance X-200Irt
Scalance X-300