1. Home
  2. CVE Database
  3. CVE-2023-29054
MEDIUM · 6.7

CVE-2023-29054

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT ...

Vulnerability Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SiemensScalance X200-4P Irt Firmware< 5.5.2
SiemensScalance X200-4P Irt-
SiemensScalance X201-3P Irt Firmware< 5.5.2
SiemensScalance X201-3P Irt-
SiemensScalance X201-3P Irt Pro Firmware< 5.5.2
SiemensScalance X201-3P Irt Pro-
SiemensScalance X202-2Irt Firmware< 5.5.2
SiemensScalance X202-2Irt-
SiemensScalance X202-2P Irt Firmware< 5.5.2
SiemensScalance X202-2P Irt-
SiemensScalance X202-2P Irt Pro Firmware< 5.5.2
SiemensScalance X202-2P Irt Pro-
SiemensScalance X204Irt Firmware< 5.5.2
SiemensScalance X204Irt-
SiemensScalance X204Irt Pro Firmware< 5.5.2
SiemensScalance X204Irt Pro-
SiemensScalance Xf201-3P Irt Firmware< 5.5.2
SiemensScalance Xf201-3P Irt-
SiemensScalance Xf202-2P Irt Firmware< 5.5.2
SiemensScalance Xf202-2P Irt-

Related Weaknesses (CWE)

CWE-326

References

FAQ

What is CVE-2023-29054?

CVE-2023-29054 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT ...

How severe is CVE-2023-29054?

CVE-2023-29054 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29054?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance X200-4P Irt Firmware, Siemens Scalance X200-4P Irt, Siemens Scalance X201-3P Irt Firmware, Siemens Scalance X201-3P Irt, Siemens Scalance X201-3P Irt Pro Firmware.