PT-2023-7596 · Siemens · Scalance X204Irt Pro+7

Published 2023-04-11 · Updated 2023-04-20 · CVE-2023-29054

CVSS v2.0: 9.7 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SCALANCE X200-4P IRT versions prior to V5.5.2
SCALANCE X201-3P IRT versions prior to V5.5.2
SCALANCE X201-3P IRT PRO versions prior to V5.5.2
SCALANCE X202-2IRT versions prior to V5.5.2
SCALANCE X202-2P IRT versions prior to V5.5.2
SCALANCE X202-2P IRT PRO versions prior to V5.5.2
SCALANCE X204IRT versions prior to V5.5.2
SCALANCE X204IRT PRO versions prior to V5.5.2
SCALANCE XF201-3P IRT versions prior to V5.5.2
SCALANCE XF202-2P IRT versions prior to V5.5.2
SCALANCE XF204-2BA IRT versions prior to V5.5.2
SCALANCE XF204IRT versions prior to V5.5.2
SIPLUS NET SCALANCE X202-2P IRT versions prior to V5.5.2

Description

The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. The vulnerability is related to insufficient encryption strength.

Recommendations

For SCALANCE X200-4P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X201-3P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X202-2P IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X204IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE X204IRT PRO versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF201-3P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF204-2BA IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SCALANCE XF204IRT versions prior to V5.5.2, update to version V5.5.2 or later.
For SIPLUS NET SCALANCE X202-2P IRT versions prior to V5.5.2, update to version V5.5.2 or later.

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

BDU:2023-08656
CVE-2023-29054

Affected Products

Scalance X200-4P Irt
Scalance X201-3P Irt
Scalance X201-3P Irt Pro
Scalance X202-2P Irt
Scalance X204Irt
Scalance X204Irt Pro
Scalance Xf204-2Ba Irt
Siplus Net Scalance X202-2P Irt