Security Flaw in SCALANCE X-200RNA and X-300 Switch Families by Siemens
CVE-2020-28395

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X-200rna Switch Family; Scalance X-300 Switch Family (incl. X408 And Siplus Net Variants)
Vendor: CVE Published:; 12 January 2021

What is CVE-2020-28395?

A flaw exists in the SCALANCE X-200RNA and X-300 switch families due to the failure of these devices to generate a new unique private key after a factory reset. This vulnerability can be exploited by an attacker to perform man-in-the-middle attacks, allowing them to intercept and decrypt previously captured traffic, potentially compromising sensitive data.

Affected Version(s)

SCALANCE X-200RNA switch family All versions < V3.2.7

SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) All versions < V4.1.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-27490...

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Nov 10, 2020