A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.
This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data
passed over the connection between legitimate clients and the affected device.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | SCALANCE X200-4P IRT | unknown |
|
||||||
| Siemens | SCALANCE X201-3P IRT | unknown |
|
||||||
| Siemens | SCALANCE X201-3P IRT PRO | unknown |
|
||||||
| Siemens | SCALANCE X202-2IRT | unknown |
|
||||||
| Siemens | SCALANCE X202-2IRT | unknown |
|
||||||
| Siemens | SCALANCE X202-2P IRT | unknown |
|
||||||
| Siemens | SCALANCE X202-2P IRT PRO | unknown |
|
||||||
| Siemens | SCALANCE X204IRT | unknown |
|
||||||
| Siemens | SCALANCE X204IRT | unknown |
|
||||||
| Siemens | SCALANCE X204IRT PRO | unknown |
|
||||||
| Siemens | SCALANCE XF201-3P IRT | unknown |
|
||||||
| Siemens | SCALANCE XF202-2P IRT | unknown |
|
||||||
| Siemens | SCALANCE XF204-2BA IRT | unknown |
|
||||||
| Siemens | SCALANCE XF204IRT | unknown |
|
||||||
| Siemens | SIPLUS NET SCALANCE X202-2P IRT | unknown |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Siemens
Subscribe
|
Scalance X200-4p Irt
Subscribe
Scalance X200-4p Irt Firmware
Subscribe
Scalance X201-3p Irt
Subscribe
Scalance X201-3p Irt Firmware
Subscribe
Scalance X201-3p Irt Pro
Subscribe
Scalance X201-3p Irt Pro Firmware
Subscribe
Scalance X202-2irt
Subscribe
Scalance X202-2irt Firmware
Subscribe
Scalance X202-2p Irt
Subscribe
Scalance X202-2p Irt Firmware
Subscribe
Scalance X202-2p Irt Pro
Subscribe
Scalance X202-2p Irt Pro Firmware
Subscribe
Scalance X204irt
Subscribe
Scalance X204irt Firmware
Subscribe
Scalance X204irt Pro
Subscribe
Scalance X204irt Pro Firmware
Subscribe
Scalance Xf201-3p Irt
Subscribe
Scalance Xf201-3p Irt Firmware
Subscribe
Scalance Xf202-2p Irt
Subscribe
Scalance Xf202-2p Irt Firmware
Subscribe
Scalance Xf204-2ba Irt
Subscribe
Scalance Xf204-2ba Irt Firmware
Subscribe
Scalance Xf204irt
Subscribe
Scalance Xf204irt Firmware
Subscribe
Siplus Net Scalance X202-2p Irt
Subscribe
Siplus Net Scalance X202-2p Irt Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-32658 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 07 Feb 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: siemens
Published:
Updated: 2025-02-07T16:49:26.184Z
Reserved: 2023-03-30T12:04:26.539Z
Link: CVE-2023-29054
Vulnrichment
Updated: 2024-08-02T14:00:14.631Z
NVD
Status : Modified
Published: 2023-04-11T10:15:18.517
Modified: 2024-11-21T07:56:27.647
Link: CVE-2023-29054
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses