CVE-2019-6567
N/A
N/A
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SCALANCE X-200 switch family (incl. SIPLUS NET variants) | All Versions < V5.2.4 | affected |
| Siemens | SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) | All versions < V5.5.0 | affected |
| Siemens | SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) | All versions < V4.1.3 | affected |
| Siemens | SCALANCE X-414-3E | All versions | affected |
Weaknesses
- CWE-257: CWE-257: Storing Passwords in a Recoverable Format
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.