2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-28395" ,
"sourceIdentifier" : "productcert@siemens.com" ,
"published" : "2021-01-12T21:15:18.197" ,
2024-11-23 13:10:58 +00:00
"lastModified" : "2024-11-21T05:22:42.987" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic."
} ,
{
"lang" : "es" ,
"value" : "Se ha identificado una vulnerabilidad en la familia de switch SCALANCE X-300 (incluidas las variantes X408 y SIPLUS NET) (todas las versiones anteriores a V4.1.0). Los dispositivos no crean una nueva clave privada \u00fanica despu\u00e9s del restablecimiento de f\u00e1brica. Un atacante podr\u00eda aprovechar esta situaci\u00f3n en una situaci\u00f3n de man-in-the-middle y descifrar el tr\u00e1fico capturado previamente"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 5.9 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "NONE" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "productcert@siemens.com" ,
2024-11-23 13:10:58 +00:00
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-321"
}
]
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-798"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324-12m_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "DAB9BF3B-08CB-4307-8EA4-4704E5E107A6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324-12m:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "36C9AE74-4683-4ED0-A605-3A6B065C230E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324-12m_ts_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "7C7F2ADB-BC8F-480C-B3DB-7CBFFFF6604C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324-12m_ts:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4356417E-B4CB-45B0-B395-CE9D423FAB44"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324-4m_eec_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "5637F52B-0887-469D-A6CD-C54996FD09D6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324-4m_eec:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6F952542-6B79-4681-A236-15C188AAEB1E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324-4m_poe_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "19EC397D-1510-4F92-94E1-7E154B1FCE1C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324-4m_poe:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "664D9C76-BC13-4874-939C-A8211DA33903"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324-4m_poe_ts_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "5051EBA9-94F8-4655-8D6C-D991C4348409"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324-4m_poe_ts:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4834A67B-7B0B-4F88-BBFB-25667FD68EC5"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr324wg_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "E3AC6D32-1EDD-4DF1-B48A-D8AE73C0CA2F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr324wg:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E767C461-8FA6-4700-98CB-734AFD309140"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr326-2c_poe_wg_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "A82CF7F5-5555-4247-9C66-48AC6E3683CC"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr326-2c_poe_wg:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CBD19EFB-12D2-4401-B87A-91873528E474"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:siemens:scalance_xr328-4c_wg_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.1.0" ,
"matchCriteriaId" : "D9C73FC3-0179-418C-A5F2-E9E51D77D8B1"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:siemens:scalance_xr328-4c_wg:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A5B7DEDC-66BD-4701-BBDD-16273263ADC9"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf" ,
"source" : "productcert@siemens.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02" ,
"source" : "productcert@siemens.com" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource" ,
"Vendor Advisory"
]
2024-11-23 13:10:58 +00:00
} ,
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
