CVE-2023-29054: Weak Encryption
First published: Tue Apr 11 2023(Updated: )
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Scalance X200-4p Irt Firmware | <5.5.2 | |
| Siemens Scalance X200-4p Irt | ||
| Siemens Scalance X201-3p Irt Firmware | <5.5.2 | |
| Siemens SCALANCE X201-3P IRT | ||
| Siemens Scalance X201-3p Irt Pro Firmware | <5.5.2 | |
| Siemens SCALANCE X201-3P IRT PRO | ||
| Siemens Scalance X202-2irt Firmware | <5.5.2 | |
| Siemens Scalance X202-2irt | ||
| Siemens Scalance X202-2p Irt Firmware | <5.5.2 | |
| Siemens Scalance X202-2p Irt | ||
| Siemens Scalance X202-2p Irt Pro Firmware | <5.5.2 | |
| Siemens SCALANCE X202-2P IRT PRO | ||
| Siemens Scalance X204irt Firmware | <5.5.2 | |
| Siemens Scalance X204irt | ||
| Siemens Scalance X204irt Pro Firmware | <5.5.2 | |
| Siemens Scalance X204irt Pro | ||
| Siemens Scalance Xf201-3p Irt Firmware | <5.5.2 | |
| Siemens Scalance Xf201-3p Irt | ||
| Siemens Scalance Xf202-2p Irt Firmware | <5.5.2 | |
| Siemens Scalance Xf202-2p Irt | ||
| Siemens Scalance Xf204-2ba Irt Firmware | <5.5.2 | |
| Siemens Scalance Xf204-2ba Irt | ||
| Siemens Scalance Xf204irt Firmware | <5.5.2 | |
| Siemens Scalance Xf204irt | ||
| Siemens Siplus Net Scalance X202-2p Irt Firmware | <5.5.2 | |
| Siemens Siplus Net Scalance X202-2p Irt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-29054.
What is the severity value of CVE-2023-29054?
The severity value of CVE-2023-29054 is 7.4 (High).
Which Siemens products are affected by CVE-2023-29054?
Siemens SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204IRT, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204-2BA IRT, and Siemens Siplus Net Scalance X202-2P IRT are affected by CVE-2023-29054.
What is the recommended solution for CVE-2023-29054?
Updating to version 5.5.2 or later of the affected Siemens SCALANCE devices' firmware is recommended to fix CVE-2023-29054.
Where can I find more information about CVE-2023-29054?
You can find more information about CVE-2023-29054 in the CERT-Portal advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-479249.pdf.
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens scalance x200-4p irt firmware
- canonical/siemens scalance x200-4p irt
- canonical/siemens scalance x201-3p irt firmware
- canonical/siemens scalance x201-3p irt
- canonical/siemens scalance x201-3p irt pro firmware
- canonical/siemens scalance x201-3p irt pro
- canonical/siemens scalance x202-2irt firmware
- canonical/siemens scalance x202-2irt
- canonical/siemens scalance x202-2p irt firmware
- canonical/siemens scalance x202-2p irt
- canonical/siemens scalance x202-2p irt pro firmware
- canonical/siemens scalance x202-2p irt pro
- canonical/siemens scalance x204irt firmware
- canonical/siemens scalance x204irt
- canonical/siemens scalance x204irt pro firmware
- canonical/siemens scalance x204irt pro
- canonical/siemens scalance xf201-3p irt firmware
- canonical/siemens scalance xf201-3p irt
- canonical/siemens scalance xf202-2p irt firmware
- canonical/siemens scalance xf202-2p irt
- canonical/siemens scalance xf204-2ba irt firmware
- canonical/siemens scalance xf204-2ba irt
- canonical/siemens scalance xf204irt firmware
- canonical/siemens scalance xf204irt
- canonical/siemens siplus net scalance x202-2p irt firmware
- canonical/siemens siplus net scalance x202-2p irt