Weak SSH Cipher Configuration in SCALANCE X200 and X201 Series by Siemens
CVE-2023-29054

6.7MEDIUM

Key Information:

Vendor: Siemens
Status: Scalance X200-4p Irt; Scalance X201-3p Irt; Scalance X201-3p Irt Pro; Scalance X202-2irt
Vendor: CVE Published:; 11 April 2023

Summary

A vulnerability exists in multiple models of the SCALANCE series by Siemens, where the SSH server is improperly configured to use weak cryptographic ciphers by default. This misconfiguration poses a significant risk as it potentially allows unauthorized attackers to intercept and modify data between legitimate clients and the affected devices, facilitating man-in-the-middle attacks. Users are advised to upgrade to version V5.5.2 or later to mitigate these risks. For detailed information, please refer to the official Siemens advisory.

Affected Version(s)

SCALANCE X200-4P IRT All versions < V5.5.2

SCALANCE X201-3P IRT All versions < V5.5.2

SCALANCE X201-3P IRT PRO All versions < V5.5.2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47924...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 30, 2023