cbcvebase.
CVE-2023-29054
published 2023-04-11

CVE-2023-29054: A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO…

PriorityP341high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
EPSS
0.26%
16.8th percentile
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
siemensscalance_x200-4p_irt
siemensscalance_x200-4p_irt_firmware< 5.5.25.5.2
siemensscalance_x201-3p_irt
siemensscalance_x201-3p_irt_firmware< 5.5.25.5.2
siemensscalance_x201-3p_irt_pro
siemensscalance_x201-3p_irt_pro_firmware< 5.5.25.5.2
siemensscalance_x202-2irt
siemensscalance_x202-2irt_firmware< 5.5.25.5.2
siemensscalance_x202-2p_irt
siemensscalance_x202-2p_irt_firmware< 5.5.25.5.2
siemensscalance_x202-2p_irt_pro
siemensscalance_x202-2p_irt_pro_firmware< 5.5.25.5.2
siemensscalance_x204irt
siemensscalance_x204irt_firmware< 5.5.25.5.2
siemensscalance_x204irt_pro
siemensscalance_x204irt_pro_firmware< 5.5.25.5.2
siemensscalance_xf201-3p_irt
siemensscalance_xf201-3p_irt_firmware< 5.5.25.5.2
siemensscalance_xf202-2p_irt
siemensscalance_xf202-2p_irt_firmware< 5.5.25.5.2
siemensscalance_xf204-2ba_irt
siemensscalance_xf204-2ba_irt_firmware< 5.5.25.5.2
siemensscalance_xf204irt
siemensscalance_xf204irt_firmware< 5.5.25.5.2
siemenssiplus_net_scalance_x202-2p_irt
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.