CVE-2023-29054
Published: Apr 11, 2023
Modified: Feb 7, 2025
CVSS v3.1
6.7
Description
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
| Vendor | Product | Versions |
|---|---|---|
Siemens | SCALANCE X200-4P IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X201-3P IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X201-3P IRT PRO | affected All versions < V5.5.2 |
Siemens | SCALANCE X202-2IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X202-2IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X202-2P IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X202-2P IRT PRO | affected All versions < V5.5.2 |
Siemens | SCALANCE X204IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X204IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE X204IRT PRO | affected All versions < V5.5.2 |
Siemens | SCALANCE XF201-3P IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE XF202-2P IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE XF204-2BA IRT | affected All versions < V5.5.2 |
Siemens | SCALANCE XF204IRT | affected All versions < V5.5.2 |
Siemens | SIPLUS NET SCALANCE X202-2P IRT | affected All versions < V5.5.2 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H/E:P/RL:U/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now