CWE: 321, 798

CVE-2020-28391

First published: Tue Jan 12 2021

A vulnerability has been identified in the SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < V5.2.5), the SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (all versions < V5.5.0), and the SCALANCE X-200RNA switch family (all versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG, the devices use the hardcoded private RSA key shipped with the firmware image. An attacker could leverage this to mount a man-in-the-middle attack and decrypt previously captured traffic.

Credit: productcert@siemens.com

Affected Software | Affected Version | How to fix
Siemens SCALANCE X-200 switch family (incl. SIPLUS NET variants) | <5.2.5 | 5.2.5
Siemens SCALANCE X200-4PIRT | <5.5.0
Siemens SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)
Siemens SCALANCE X201-3P IRT Firmware | <5.5.0
Siemens Scalance X201-3P IRT Pro Firmware
Siemens Scalance X202-2P IRT PRO Firmware | <5.5.0
Siemens SCALANCE X202-2IRT
Siemens SCALANCE X202-2PIRT SIPLUS NET Firmware | <5.5.0
Siemens SCALANCE X202-2P IRT SIPLUS NET
Siemens SIPLUS NET SCALANCE X202-2P IRT | <5.5.0
Siemens SCALANCE X202-2P IRT SIPLUS NET
Siemens SCALANCE X204IRT | <5.5.0
Siemens Scalance X-200IRT
Siemens Scalance X307-3
Siemens SCALANCE X307-3
Siemens Scalance X307-3LD Firmware
Siemens SCALANCE X307-3LD
Siemens SIPLUS NET SCALANCE X308-2 firmware
Siemens Scalance X308-2M PoE
Siemens Scalance X308-2LD
Siemens Scalance X308-2LD
Siemens Scalance X308-2LH
Siemens Scalance X308-2LH
Siemens Scalance X308-2LH+ Firmware
Siemens Scalance X308-2LH+
Siemens Scalance X308-2M
Siemens Scalance X308-2M Firmware
Siemens Scalance X308-2M PoE
Siemens SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)
Siemens Scalance X310
Siemens Scalance X310
Siemens Scalance X310FE
Siemens Scalance X310FE
Siemens Scalance X320-1FE
Siemens SCALANCE X320-1 FE
Siemens Scalance X320-3LDFE Firmware
Siemens Scalance X320-3LDFE Firmware
Siemens Scalance XB205-3 | <5.2.5
Siemens Scalance XB205-3 Firmware
Siemens Scalance XB205-3LD | <5.2.5
Siemens Scalance XB205-3
Siemens Scalance XB208 | <5.2.5
Siemens Scalance XB208
Siemens Scalance XB213-3 | <5.2.5
Siemens Scalance XB213-3LD Firmware
Siemens Scalance XB213-3LD | <5.2.5
Siemens Scalance XB213-3LD Firmware
Siemens Scalance XB216 | <5.2.5
Siemens Scalance XB216 Firmware
Siemens Scalance XC206-2 | <5.2.5
Siemens Scalance XC206-2 Firmware
Siemens Scalance XC206-2G PoE | <5.2.5
Siemens Scalance XC206-2G PoE Firmware
Siemens Scalance XC206-2G PoE EEC | <5.2.5
Siemens Scalance XC206-2G PoE EEC Firmware
Siemens Scalance XC206-2SFP | <5.2.5
Siemens Siplus Net Scalance XC206-2SFP
Siemens Scalance XC206-2SFP EEC Firmware | <5.2.5
Siemens Scalance XC206-2SFP EEC Firmware
Siemens Scalance XC206-2SFP G (E/IP) Firmware | <5.2.5
Siemens Scalance XC206-2SFP G (E/IP)
Siemens Scalance XC206-2SFP G (E/IP) Firmware | <5.2.5
Siemens Scalance XC206-2SFP G (E/IP)
Siemens Scalance XC206-2SFP G Firmware | <5.2.5
Siemens Scalance XC206-2SFP G EEC Firmware
Siemens Siplus Net Scalance XC208 Firmware | <5.2.5
Siemens Siplus Net Scalance XC208
Siemens SCALANCE XC208 EEC Firmware | <5.2.5
Siemens SCALANCE XC208 EEC Firmware
Siemens Scalance XC208G (E/IP) | <5.2.5
Siemens Scalance XC208G (E/IP)
Siemens Scalance XC208G (E/IP) Firmware | <5.2.5
Siemens Scalance XC208G (E/IP)
Siemens SCALANCE XC208G (EIP DEF.) | <5.2.5
Siemens Scalance XC208G (E/IP)
Siemens Scalance XC208G PoE | <5.2.5
Siemens SCALANCE XC208G PoE (54 V DC)
Siemens Scalance XC216EEC Firmware | <5.2.5
Siemens SCALANCE XC216-3G PoE (54 V DC)
Siemens Scalance XC216-4C | <5.2.5
Siemens Scalance XC216-4C Firmware
Siemens Scalance XC216-4C G (E/IP) Firmware | <5.2.5
Siemens Scalance XC216-4C G (E/IP)
Siemens Scalance XC216-4C G (E/IP) | <5.2.5
Siemens Scalance XC216-4C G (E/IP)
Siemens Scalance XC216-4C G EEC | <5.2.5
Siemens Scalance XC216-4C Firmware
Siemens Scalance XC216EEC | <5.2.5
Siemens Scalance XC216EEC Firmware
Siemens Scalance XC224-4C G EEC Firmware | <5.2.5
Siemens Scalance XC224-4C G EEC Firmware
Siemens Scalance XC224-4C G (E/IP) Firmware | <5.2.5
Siemens Scalance XC224-4C G (E/IP)
Siemens Scalance XC224-4C G EEC | <5.2.5
Siemens Scalance XC224-4C G EEC Firmware
Siemens Scalance Xc224 Firmware | <5.2.5
Siemens SCALANCE XC224-4C G
Siemens Scalance XF201-3P IRT | <5.2.5
Siemens SCALANCE XF201-3P IRT
Siemens Scalance XF202-2P IRT | <5.2.5
Siemens SCALANCE XF202-2P IRT
Siemens Scalance XF204 Firmware | <5.2.5
Siemens Scalance XF204
Siemens Scalance XF204-2 Firmware | <5.2.5
Siemens SCALANCE XF204-2
Siemens Scalance XF204-2BA DNA | <5.2.5
Siemens Scalance XF204-2BA DNA
Siemens Scalance XF204-2BA IRT | <5.2.5
Siemens SCALANCE XF204-2BA IRT
Siemens Scalance XF204 DNA | <5.2.5
Siemens Scalance XF204 DNA
Siemens SCALANCE XF204 IRT | <5.2.5
Siemens SCALANCE XF204IRT (6GK5204-0BA00-2BF2)
Siemens Scalance XF206-1 | <5.2.5
Siemens SCALANCE XF206-1
Siemens Scalance XF208 | <5.2.5
Siemens SCALANCE XF208
Siemens SCALANCE XP208 (Ethernet/IP) | <5.2.5
Siemens Scalance XP208 (EIP)
Siemens Scalance XP208 (EIP) Firmware | <5.2.5
Siemens Scalance XP208 (EIP)
Siemens Scalance XP208EEC | <5.2.5
Siemens Scalance XP208EEC Firmware
Siemens SCALANCE XP208PoE EEC | <5.2.5
Siemens SCALANCE XP208PoE EEC Firmware
Siemens Scalance XP216 (EIP) Firmware | <5.2.5
Siemens Scalance XP216 Firmware
Siemens Scalance XP216 (EIP) Firmware | <5.2.5
Siemens Scalance XP216 (EIP)
Siemens Scalance XP216EEC | <5.2.5
Siemens Scalance XP216EEC Firmware
Siemens Scalance XP216PoE EEC | <5.2.5
Siemens Scalance XP216PoE EEC Firmware


Frequently Asked Questions

  • What is the severity of CVE-2020-28391?

    CVE-2020-28391 has a high severity rating as it allows unauthorized access to SCALANCE X-200 switch family devices.

  • How do I fix CVE-2020-28391?

    To fix CVE-2020-28391, upgrade the SCALANCE X-200 switch family firmware to version V5.2.5 or later.

  • What devices are affected by CVE-2020-28391?

    CVE-2020-28391 affects SCALANCE X-200 switch family devices, including SIPLUS NET variants, with versions lower than V5.2.5.

  • Is CVE-2020-28391 a hardware or software vulnerability?

    CVE-2020-28391 is a software vulnerability found in the firmware of certain SCALANCE X-200 switches.

  • What consequences can occur due to CVE-2020-28391?

    Exploitation of CVE-2020-28391 can lead to unauthorized access and control over the affected SCALANCE switches.
