Password Vulnerability in SCALANCE X-200 and X-300 Switch Families by Siemens
CVE-2019-6567

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X-200 Switch Family (incl. Siplus Net Variants); Scalance X-200irt Switch Family (incl. Siplus Net Variants); Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants); Scalance X-414-3e
Vendor: CVE Published:; 12 June 2019

Summary

A vulnerability has been reported in the SCALANCE X-200 and X-300 switch families, where sensitive device passwords are stored in a recoverable format. This flaw allows attackers with access to a device configuration backup to extract and recover passwords, posing a significant risk to the confidentiality of the stored credentials. It is imperative for users of affected models to implement security measures and upgrade their firmware to mitigate the risk.

Affected Version(s)

SCALANCE X-200 switch family (incl. SIPLUS NET variants) All Versions < V5.2.4

SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions < V5.5.0

SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) All versions < V4.1.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-64684...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Jan 22, 2019