CVE-2023-29054

Published: Apr 11, 2023Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Affected (13)

Products: Siemens: Scalance X200 4p Irt Firmware, Scalance X201 3p Irt Firmware, Scalance X201 3p Irt Pro Firmware, Scalance X202 2irt Firmware, Scalance X202 2p Irt Firmware, Scalance X202 2p Irt Pro Firmware, Scalance X204irt Firmware, Scalance X204irt Pro Firmware, Scalance Xf201 3p Irt Firmware, Scalance Xf202 2p Irt Firmware, Scalance Xf204 2ba Irt Firmware, Scalance Xf204irt Firmware, Siplus Net Scalance X202 2p Irt Firmware

Siemens

13 products

Scalance X200 4p Irt Firmware

Scalance X201 3p Irt Firmware

Scalance X201 3p Irt Pro Firmware

Scalance X202 2irt Firmware

Scalance X202 2p Irt Firmware

Scalance X202 2p Irt Pro Firmware

Scalance X204irt Firmware

Scalance X204irt Pro Firmware

Scalance Xf201 3p Irt Firmware

Scalance Xf202 2p Irt Firmware

Scalance Xf204 2ba Irt Firmware

Scalance Xf204irt Firmware

Siplus Net Scalance X202 2p Irt Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X200 4p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X200 4p Irt	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X201 3p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X201 3p Irt	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X201 3p Irt Pro Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X201 3p Irt Pro	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X202 2irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X202 2irt	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X202 2p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X202 2p Irt	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X202 2p Irt Pro Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X202 2p Irt Pro	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X204irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X204irt	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance X204irt Pro Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance X204irt Pro	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xf201 3p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance Xf201 3p Irt	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xf202 2p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance Xf202 2p Irt	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xf204 2ba Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance Xf204 2ba Irt	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xf204irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Scalance Xf204irt	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siplus Net Scalance X202 2p Irt Firmware	Before 5.5.2

Running on/with	Platform Versions
Siemens Siplus Net Scalance X202 2p Irt	All versions

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.