CVE-2020-28391

CVE-2020-28391 PUBLISHED CVSS 5.9 MEDIUM

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG, the devices use the hardcoded private RSA key shipped with the firmware image. An attacker could leverage this to mount a man-in-the-middle attack and decrypt previously captured traffic.

EPSS 0.16% · 36.6th percentile

Risk Scores

CVSS v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.16% (36.6th percentile)

Affected Products

Vendor   Product                                      Versions
siemens  scalance_xc208g_firmware                     0
siemens  scalance_x201-3pirt_firmware                 0
siemens  scalance_xb213-3_firmware                    0
siemens  scalance_xf204_firmware                      0
siemens  scalance_x204irt_firmware                    0
siemens  scalance_xc208g_eec_firmware                 0
siemens  scalance_x308-2lh\+_firmware
siemens  scalance_x310_firmware
siemens  scalance_x307-3_firmware
siemens  scalance_xf206-1_firmware                    0
siemens  scalance_xc206-2g_poe_eec_firmware           0
siemens  scalance_xc206-2_firmware                    0
siemens  scalance_xb216_firmware                      0
siemens  scalance_xc208g_\(e\/ip\)_firmware           0
siemens  scalance_xb213-3ld_firmware                  0
siemens  scalance_x308-2ld_firmware
siemens  scalance_x202-2pirt_siplus_net_firmware      0
siemens  scalance_xp216_firmware                      0
siemens  scalance_x308-2m_ts_firmware
siemens  scalance_xf201-3p_irt_firmware               0

…and 49 more

Timeline

  • Jan 12, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score