#VU75031 Inadequate Encryption Strength in Siemens products - CVE-2023-29054

Cybersecurity Help s.r.o.

Published: 2023-04-12

Vulnerability identifier: #VU75031

Vulnerability risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29054

CWE-ID: CWE-326

Exploitation vector: Local network

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the SSH server is configured to offer weak ciphers by default. A remote attacker on the local network can perform a man-in-the-middle attack to read and modify any data passed over the connection between legitimate clients and the affected device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SCALANCE X200-4P IRT: before 5.5.2

SCALANCE X201-3P IRT: before 5.5.2

SCALANCE X201-3P IRT PRO: before 5.5.2

SCALANCE X202-2IRT: before 5.5.2

SCALANCE X202-2P IRT: before 5.5.2

SCALANCE X202-2P IRT PRO: before 5.5.2

SCALANCE X204IRT: before 5.5.2

SCALANCE X204IRT PRO: before 5.5.2

SCALANCE XF201-3P IRT: before 5.5.2

SCALANCE XF202-2P IRT: before 5.5.2

SCALANCE XF204-2BA IRT: before 5.5.2

SCALANCE XF204IRT: before 5.5.2

SIPLUS NET SCALANCE X202-2P IRT: before 5.5.2

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Inadequate Encryption Strength in Siemens SCALANCE X-200IRT Devices