First published: Wed Jun 12 2019(Updated: )
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Scalance X-200 Firmware | <5.2.4 | |
Siemens SCALANCE X-200 | ||
Siemens Scalance X-200irt Firmware | ||
Siemens Scalance X-200irt | ||
Siemens Scalance X-300 Firmware | ||
Siemens SCALANCE X-300 | ||
Siemens Scalance X-414-3e Firmware | ||
Siemens Scalance X-414-3e |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-6567.
CVE-2019-6567 has a severity level of medium (5.5).
Siemens SCALANCE X-200, SIPLUS NET variants (All Versions < V5.2.4), SCALANCE X-200IRT, SIPLUS NET variants (All versions < V5.5.0), SCALANCE X-300, SIPLUS NET variants (All versions < V4.1.3), and SCALANCE X-414-3e are affected by CVE-2019-6567.
There is currently no workaround available for CVE-2019-6567. It is recommended to apply the necessary patches or updates provided by Siemens.
You can find more information about CVE-2019-6567 in the Siemens ProductCERT PDF: https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf