CVE-2020-28391

CVSS V2 Medium 4.3 CVSS V3 Medium 5.9
Description
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
Overview
  • CVE ID
  • CVE-2020-28391
  • Assigner
  • productcert@siemens.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2021-01-12T21:15:18
  • Last Modified Date
  • 2022-12-13T17:15:13
Weakness Enumerations
CWE URL
CWE-321 http://cwe.mitre.org/data/definitions/321.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x200-4pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x201-3pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2pirt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x204irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.5.0
cpe:2.3:h:siemens:scalance_x204irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x307-3_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x307-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x307-3ld_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x307-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2ld_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2lh_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2lh:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2lh\+_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2lh\+:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2m_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2m:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x308-2m_ts:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x310_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x310:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x310fe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x310fe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x320-1fe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x320-1fe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:scalance_x320-3ldfe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb205-3_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb205-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb205-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb213-3_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb213-3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb213-3ld:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xb216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xb216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc208g_poe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc216eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc216eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g_\(e\/ip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_\(e\/ip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xc224__firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xc224_:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204_dna_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204_dna:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf204irt_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf204irt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xf208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208_\(eip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208_\(eip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp208poe_eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216_\(eip\)_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216_\(eip\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216eec:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:*:*:*:*:*:*:*:* 1 OR 5.2.5
cpe:2.3:h:siemens:scalance_xp216poe_eec:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 5.9
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.2
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-28391
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28391
History
Created Old Value New Value Data Type Notes
2022-05-10 16:05:48 Added to TrackCVE
2022-12-05 19:58:26 2021-01-12T21:15Z 2021-01-12T21:15:18 CVE Published Date updated
2022-12-05 19:58:26 2022-07-28T14:24:30 CVE Modified Date updated
2022-12-05 19:58:26 Analyzed Vulnerability Status updated
2022-12-13 17:12:43 2022-12-13T16:15:13 CVE Modified Date updated
2022-12-13 17:12:43 Analyzed Modified Vulnerability Status updated
2022-12-13 17:12:43 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. Description updated
2022-12-13 18:13:37 2022-12-13T17:15:13 CVE Modified Date updated
2022-12-13 18:13:37 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. Description updated