Vulnerability Details CVE-2020-28391
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.9%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2020-28391
-
cpe:2.3:h:siemens:scalance_x200-4pirt:-
-
cpe:2.3:h:siemens:scalance_x201-3pirt:-
-
cpe:2.3:h:siemens:scalance_x202-2irt:-
-
cpe:2.3:h:siemens:scalance_x202-2pirt:-
-
cpe:2.3:h:siemens:scalance_x202-2pirt_siplus_net:-
-
cpe:2.3:h:siemens:scalance_x204irt:-
-
cpe:2.3:h:siemens:scalance_x307-3:-
-
cpe:2.3:h:siemens:scalance_x307-3ld:-
-
cpe:2.3:h:siemens:scalance_x308-2:-
-
cpe:2.3:h:siemens:scalance_x308-2ld:-
-
cpe:2.3:h:siemens:scalance_x308-2lh+:-
-
cpe:2.3:h:siemens:scalance_x308-2lh:-
-
cpe:2.3:h:siemens:scalance_x308-2m:-
-
cpe:2.3:h:siemens:scalance_x308-2m_ts:-
-
cpe:2.3:h:siemens:scalance_x310:-
-
cpe:2.3:h:siemens:scalance_x310fe:-
-
cpe:2.3:h:siemens:scalance_x320-1fe:-
-
cpe:2.3:h:siemens:scalance_x320-3ldfe:-
-
cpe:2.3:h:siemens:scalance_xb205-3:-
-
cpe:2.3:h:siemens:scalance_xb205-3ld:-
-
cpe:2.3:h:siemens:scalance_xb208:-
-
cpe:2.3:h:siemens:scalance_xb213-3:-
-
cpe:2.3:h:siemens:scalance_xb213-3ld:-
-
cpe:2.3:h:siemens:scalance_xb216:-
-
cpe:2.3:h:siemens:scalance_xc206-2:-
-
cpe:2.3:h:siemens:scalance_xc206-2g_poe_:-
-
cpe:2.3:h:siemens:scalance_xc206-2g_poe_eec:-
-
cpe:2.3:h:siemens:scalance_xc206-2sfp:-
-
cpe:2.3:h:siemens:scalance_xc206-2sfp_eec:-
-
cpe:2.3:h:siemens:scalance_xc206-2sfp_g:-
-
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_(e/ip):-
-
cpe:2.3:h:siemens:scalance_xc206-2sfp_g_eec:-
-
cpe:2.3:h:siemens:scalance_xc208:-
-
cpe:2.3:h:siemens:scalance_xc208eec:-
-
cpe:2.3:h:siemens:scalance_xc208g:-
-
cpe:2.3:h:siemens:scalance_xc208g_(e/ip):-
-
cpe:2.3:h:siemens:scalance_xc208g_eec:-
-
cpe:2.3:h:siemens:scalance_xc208g_poe:-
-
cpe:2.3:h:siemens:scalance_xc216-4c:-
-
cpe:2.3:h:siemens:scalance_xc216-4c_g:-
-
cpe:2.3:h:siemens:scalance_xc216-4c_g_(e/ip):-
-
cpe:2.3:h:siemens:scalance_xc216-4c_g_eec:-
-
cpe:2.3:h:siemens:scalance_xc216:-
-
cpe:2.3:h:siemens:scalance_xc216eec:-
-
cpe:2.3:h:siemens:scalance_xc224-4c_g_(e/ip):-
-
cpe:2.3:h:siemens:scalance_xc224-4c_g_:-
-
cpe:2.3:h:siemens:scalance_xc224-4c_g_eec:-
-
cpe:2.3:h:siemens:scalance_xc224_:-
-
cpe:2.3:h:siemens:scalance_xf201-3p_irt:-
-
cpe:2.3:h:siemens:scalance_xf202-2p_irt:-
-
cpe:2.3:h:siemens:scalance_xf204-2:-
-
cpe:2.3:h:siemens:scalance_xf204-2ba_dna:-
-
cpe:2.3:h:siemens:scalance_xf204-2ba_irt:-
-
cpe:2.3:h:siemens:scalance_xf204:-
-
cpe:2.3:h:siemens:scalance_xf204_dna:-
-
cpe:2.3:h:siemens:scalance_xf204irt:-
-
cpe:2.3:h:siemens:scalance_xf206-1:-
-
cpe:2.3:h:siemens:scalance_xf208:-
-
cpe:2.3:h:siemens:scalance_xp208:-
-
cpe:2.3:h:siemens:scalance_xp208_(eip):-
-
cpe:2.3:h:siemens:scalance_xp208eec:-
-
cpe:2.3:h:siemens:scalance_xp208poe_eec:-
-
cpe:2.3:h:siemens:scalance_xp216:-
-
cpe:2.3:h:siemens:scalance_xp216_(eip):-
-
cpe:2.3:h:siemens:scalance_xp216eec:-
-
cpe:2.3:h:siemens:scalance_xp216poe_eec:-
-
cpe:2.3:o:siemens:scalance_x200-4pirt_firmware:-
-
cpe:2.3:o:siemens:scalance_x201-3pirt_firmware:-
-
cpe:2.3:o:siemens:scalance_x202-2irt_firmware:-
-
cpe:2.3:o:siemens:scalance_x202-2pirt_firmware:-
-
cpe:2.3:o:siemens:scalance_x202-2pirt_siplus_net_firmware:-
-
cpe:2.3:o:siemens:scalance_x204irt_firmware:-
-
cpe:2.3:o:siemens:scalance_x307-3_firmware:-
-
cpe:2.3:o:siemens:scalance_x307-3ld_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2ld_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2lh+_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2lh_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2m_firmware:-
-
cpe:2.3:o:siemens:scalance_x308-2m_ts_firmware:-
-
cpe:2.3:o:siemens:scalance_x310_firmware:-
-
cpe:2.3:o:siemens:scalance_x310fe_firmware:-
-
cpe:2.3:o:siemens:scalance_x320-1fe_firmware:-
-
cpe:2.3:o:siemens:scalance_x320-3ldfe_firmware:-
-
cpe:2.3:o:siemens:scalance_xb205-3_firmware:-
-
cpe:2.3:o:siemens:scalance_xb205-3ld_firmware:-
-
cpe:2.3:o:siemens:scalance_xb208_firmware:-
-
cpe:2.3:o:siemens:scalance_xb213-3_firmware:-
-
cpe:2.3:o:siemens:scalance_xb213-3ld_firmware:-
-
cpe:2.3:o:siemens:scalance_xb216_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2g_poe__firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2g_poe_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2sfp_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2sfp_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_(e/ip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc206-2sfp_g_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208g_(e/ip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208g_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208g_firmware:-
-
cpe:2.3:o:siemens:scalance_xc208g_poe_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216-4c_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216-4c_g_(e/ip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216-4c_g_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216-4c_g_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216_firmware:-
-
cpe:2.3:o:siemens:scalance_xc216eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc224-4c_g_(e/ip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xc224-4c_g__firmware:-
-
cpe:2.3:o:siemens:scalance_xc224-4c_g_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xc224__firmware:-
-
cpe:2.3:o:siemens:scalance_xf201-3p_irt_firmware:-
-
cpe:2.3:o:siemens:scalance_xf202-2p_irt_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204-2_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204-2ba_dna_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204-2ba_irt_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204_dna_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204_firmware:-
-
cpe:2.3:o:siemens:scalance_xf204irt_firmware:-
-
cpe:2.3:o:siemens:scalance_xf206-1_firmware:-
-
cpe:2.3:o:siemens:scalance_xf208_firmware:-
-
cpe:2.3:o:siemens:scalance_xp208_(eip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xp208_firmware:-
-
cpe:2.3:o:siemens:scalance_xp208eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xp208poe_eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xp216_(eip)_firmware:-
-
cpe:2.3:o:siemens:scalance_xp216_firmware:-
-
cpe:2.3:o:siemens:scalance_xp216eec_firmware:-
-
cpe:2.3:o:siemens:scalance_xp216poe_eec_firmware:-