Weak SSH Cipher Configuration in SCALANCE X200 and X201 Series by Siemens
CVE-2023-29054

7.4HIGH

Key Information:

Vendor: Siemens
Status: SCALANCE X200-4P IRT; SCALANCE X201-3P IRT; SCALANCE X201-3P IRT PRO; SCALANCE X202-2IRT
Vendor: CVE Published:; 11 April 2023

Summary

A vulnerability exists in multiple models of the SCALANCE series by Siemens, where the SSH server is improperly configured to use weak cryptographic ciphers by default. This misconfiguration poses a significant risk as it potentially allows unauthorized attackers to intercept and modify data between legitimate clients and the affected devices, facilitating man-in-the-middle attacks. Users are advised to upgrade to version V5.5.2 or later to mitigate these risks. For detailed information, please refer to the official Siemens advisory.

Affected Version(s)

SCALANCE X200-4P IRT All versions < V5.5.2

SCALANCE X201-3P IRT All versions < V5.5.2

SCALANCE X201-3P IRT PRO All versions < V5.5.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47924...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 30, 2023