ID
VAR-202101-0486
CVE
CVE-2020-28391
TITLE
SCALANCE X-200 and SCALANCE X-200IRT Vulnerability in using hard-coded credentials in switch families
Trust: 0.8
sources:
JVNDB: JVNDB-2020-015531
DESCRIPTION
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. SCALANCE X is a switch used to connect industrial components, such as programmable logic controllers (plc) or human machine interfaces (HMIs)
Trust: 2.25
sources:
NVD: CVE-2020-28391 //
JVNDB: JVNDB-2020-015531 //
CNVD: CNVD-2021-02593 //
VULMON: CVE-2020-28391
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02593
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance xc216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m ts | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x201-3pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2m | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3ld | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2g poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt siplus net | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf201-3p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb205-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf202-2p irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x307-3 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x202-2pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-3ldfe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204 dna | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g poe | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance x320-1fe | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216-4c g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf206-1 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x310 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2ba irt | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xb213-3ld | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc216 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x204irt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x308-2lh\+ | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xf204-2 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc206-2sfp | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc208 | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance x200-4pirt | scope: | lt | version: | 5.5.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp208 \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xc224-4c g \ | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | scalance xp216poe eec | scope: | lt | version: | 5.2.5 | Trust: 1.0 |
| vendor: | シーメンス | model: | scalance x200-4pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | siplus net scalance x202-2pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x204irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x307-3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x201-3pirt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x202-2irt | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | scalance x308-2ld | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | scalance x-200irt switch family | scope: | - | version: | - | Trust: 0.6 |
| vendor: | siemens | model: | scalance switch family | scope: | eq | version: | x-200 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-02593 //
JVNDB: JVNDB-2020-015531 //
NVD: CVE-2020-28391
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2021-02593 //
VULMON: CVE-2020-28391 //
JVNDB: JVNDB-2020-015531 //
CNNVD: CNNVD-202101-834 //
NVD: CVE-2020-28391
PROBLEMTYPE DATA
| problemtype: | CWE-321 | Trust: 1.0 |
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | Using hardcoded credentials (CWE-798) [NVD Evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-015531 //
NVD: CVE-2020-28391
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202101-834
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-202101-834
PATCH
| title: | SSA-274900 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf | Trust: 0.8 |
| title: | Patch for Scalance X Products hard-coded encryption key vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/244015 | Trust: 0.6 |
| title: | Multiple Siemens Product security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=139506 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=16f5b7ec974eee0b50172f47db7b7ec5 | Trust: 0.1 |
sources:
CNVD: CNVD-2021-02593 //
VULMON: CVE-2020-28391 //
JVNDB: JVNDB-2020-015531 //
CNNVD: CNNVD-202101-834
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-28391 | Trust: 3.1 |
| db: | ICS CERT | id: | ICSA-21-012-02 | Trust: 2.5 |
| db: | SIEMENS | id: | SSA-274900 | Trust: 2.3 |
| db: | JVNDB | id: | JVNDB-2020-015531 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-02593 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.0124 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202101-834 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2020-28391 | Trust: 0.1 |
sources:
CNVD: CNVD-2021-02593 //
VULMON: CVE-2020-28391 //
JVNDB: JVNDB-2020-015531 //
CNNVD: CNNVD-202101-834 //
NVD: CVE-2020-28391
REFERENCES
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02 | Trust: 3.1 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-28391 | Trust: 1.4 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.0124/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/321.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-21-012-02 | Trust: 0.1 |
sources:
CNVD: CNVD-2021-02593 //
VULMON: CVE-2020-28391 //
JVNDB: JVNDB-2020-015531 //
CNNVD: CNNVD-202101-834 //
NVD: CVE-2020-28391
CREDITS
Siemens ProductCERT reported these vulnerabilities to CISA.
Trust: 0.6
sources:
CNNVD: CNNVD-202101-834
SOURCES
| db: | CNVD | id: | CNVD-2021-02593 |
| db: | VULMON | id: | CVE-2020-28391 |
| db: | JVNDB | id: | JVNDB-2020-015531 |
| db: | CNNVD | id: | CNNVD-202101-834 |
| db: | NVD | id: | CVE-2020-28391 |
LAST UPDATE DATE
2024-08-14T12:57:19.065000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-02593 | date: | 2021-02-04T00:00:00 |
| db: | VULMON | id: | CVE-2020-28391 | date: | 2022-12-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015531 | date: | 2021-10-01T08:04:00 |
| db: | CNNVD | id: | CNNVD-202101-834 | date: | 2022-12-14T00:00:00 |
| db: | NVD | id: | CVE-2020-28391 | date: | 2022-12-13T17:15:13.113 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-02593 | date: | 2021-01-13T00:00:00 |
| db: | VULMON | id: | CVE-2020-28391 | date: | 2021-01-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-015531 | date: | 2021-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-834 | date: | 2021-01-12T00:00:00 |
| db: | NVD | id: | CVE-2020-28391 | date: | 2021-01-12T21:15:18.120 |