SSA-353002 PUBLISHED CVSS 4.9 MEDIUM

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.

Risk Scores

CVSS v3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Siemens | SCALANCE XR326-2C PoE WG (6GK5326-2QS00-3AR3) | |
| Siemens | SCALANCE XC208G PoE (6GK5208-0RA00-2AC2) | |
| Siemens | SCALANCE XB205-3 (SC, PN) (6GK5205-3BB00-2AB2) | |
| Siemens | SCALANCE XF204G (6GK5204-0GA00-1UF2) | |
| Siemens | SCALANCE XP208EEC (6GK5208-0HA10-2ES6) | |
| Siemens | SCALANCE XC208G (EIP def.) (6GK5208-0GA00-2TC2) | |
| Siemens | SCALANCE XB208 (E/IP) (6GK5208-0BA00-2TB2) | |
| Siemens | SCALANCE XC206-2SFP G (6GK5206-2GS00-2AC2) | |
| Siemens | SCALANCE XC224-4C G (EIP Def.) (6GK5224-4GS00-2TC2) | |
| Siemens | SCALANCE XC206-2G PoE (54 V DC) (6GK5206-2RS00-5AC2) | |
| Siemens | SCALANCE XB205-3 (ST, PN) (6GK5205-3BD00-2AB2) | |
| Siemens | SCALANCE XB206-2 SC (6GK5206-2BD00-2AB2) | |
| Siemens | SCALANCE XR326-2C PoE WG (without UL) (6GK5326-2QS00-3RR3) | |
| Siemens | SCALANCE XP208G (6GK5208-0XA00-2AS6) | |
| Siemens | SCALANCE XC216-3G PoE (54 V DC) (6GK5216-3RS00-5AC2) | |
| Siemens | SCALANCE XC208G (6GK5208-0GA00-2AC2) | |
| Siemens | SCALANCE XC216EEC (6GK5216-0BA00-2FC2) | |
| Siemens | SCALANCE XC206-2G PoE (6GK5206-2RS00-2AC2) | |
| Siemens | SCALANCE XP216 (6GK5216-0HA00-2AS6) | |
| Siemens | SCALANCE XC216-4C G (6GK5216-4GS00-2AC2) | |

…and 71 more
