CVE-2020-28395

 

Severity Score: 5.9 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to achieve a man-in-the-middle position and decrypt previously captured traffic.

A vulnerability has been identified in the SCALANCE X-300 switch family (including the X408 and SIPLUS NET variants) (all versions prior to V4.1.0). Devices do not create a new unique private key after a factory reset. An attacker could take advantage of this in a man-in-the-middle situation and decrypt previously captured traffic.

*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-11-10 CVE Reserved
  • 2021-01-12 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-798: Use of Hard-coded Credentials
CAPEC
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Siemens | Scalance Xr324-12m Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324-12m | - | - | Safe |
| Siemens | Scalance Xr324-12m Ts Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324-12m Ts | - | - | Safe |
| Siemens | Scalance Xr324-4m Eec Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324-4m Eec | - | - | Safe |
| Siemens | Scalance Xr324-4m Poe Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324-4m Poe | - | - | Safe |
| Siemens | Scalance Xr324-4m Poe Ts Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324-4m Poe Ts | - | - | Safe |
| Siemens | Scalance Xr324wg Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr324wg | - | - | Safe |
| Siemens | Scalance Xr326-2c Poe Wg Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr326-2c Poe Wg | - | - | Safe |
| Siemens | Scalance Xr328-4c Wg Firmware | < 4.1.0 | - | Affected |
| in Siemens | Scalance Xr328-4c Wg | - | - | Safe |