PT-2021-2204 · Siemens · C-Plug+2

Published: 2021-01-12 · Updated: 2022-12-13 · CVE-2020-28391

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5; SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0; SCALANCE X-200RNA switch family versions prior to V3.2.7
Description: A vulnerability has been identified in the SCALANCE X-200 switch family, including SIPLUS NET variants, and other related devices. When these devices are used with C-PLUG, they use a hardcoded private RSA key shipped with the firmware image instead of creating a new unique key upon factory reset. An attacker could leverage this to create a man-in-the-middle situation, allowing them to decrypt previously captured traffic. The weakness is the use of a hardcoded cryptographic key in combination with the C-PLUG memory module of these industrial switches.
Recommendations: For SCALANCE X-200 switch family (incl. SIPLUS NET variants) versions prior to V5.2.5, update to version V5.2.5 or later to resolve the issue. For SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions prior to V5.5.0, update to version V5.5.0 or later to resolve the issue. For SCALANCE X-200RNA switch family versions prior to V3.2.7, update to version V3.2.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of C-PLUG with these devices until a patch is applied.
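An added example, not part of the original advisory or any Siemens tooling: a small audit that flags switches still below the fixed versions listed above and switches that present the same public key, which is the visible symptom of a key shipped in the firmware image rather than generated per device. The inventory format, host names and key bytes are constructed assumptions; how the public key is collected from each switch is left to the operator.

```python
import hashlib
from collections import defaultdict

# Fixed versions per product family, taken from the advisory text above.
FIXED = {"X-200": (5, 2, 5), "X-200IRT": (5, 5, 0), "X-200RNA": (3, 2, 7)}

# Constructed inventory: host, family, firmware version, public key bytes (hex).
# The key bytes are made-up placeholders, not real device keys.
INVENTORY = """\
sw-line1  X-200     V5.2.4  30820122aa01
sw-line2  X-200     V5.2.4  30820122aa01
sw-cell7  X-200IRT  V5.4.1  30820122aa01
sw-cell8  X-200IRT  V5.5.0  30820122bb02
sw-ring3  X-200RNA  V3.2.7  30820122cc03
"""

def parse_version(text):
    """Turn 'V5.2.4' into (5, 2, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.lstrip("Vv").split("."))

def audit(inventory_text):
    """Return (hosts below the fixed version, fingerprint -> hosts sharing a key)."""
    outdated, by_key = [], defaultdict(list)
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, family, version, key_hex = line.split()
        if family in FIXED and parse_version(version) < FIXED[family]:
            outdated.append(host)
        # Fingerprint the public key so identical keys group together.
        fingerprint = hashlib.sha256(bytes.fromhex(key_hex)).hexdigest()
        by_key[fingerprint].append(host)
    # A per-device key should appear exactly once; any repeat is a finding.
    shared = {fp: hosts for fp, hosts in by_key.items() if len(hosts) > 1}
    return outdated, shared

if __name__ == "__main__":
    outdated, shared = audit(INVENTORY)
    print("Below fixed version:", ", ".join(outdated))
    for fp, hosts in shared.items():
        print(f"Key {fp[:16]}... shared by: {', '.join(hosts)}")
```

A host that appears in both results should be updated first; after the update, confirm that its key fingerprint no longer matches any other device.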

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2021-01113
CVE-2020-28391

Affected Products

C-Plug
Scalance X-200Irt Switch Family
Siplus Net