CVE-2019-6567
Published Jun 12, 2019
Last updated 4 years ago
Overview
- Description
- A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.
- Source
- productcert@siemens.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6FEF9F9F-4066-483B-BF95-3BA5625284DF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "443B5E7B-A491-4883-9853-A88D3B24E220",
"versionEndExcluding": "5.2.4"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "94C7BE35-D3A6-488C-BB3D-D17D65DF4B80"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "602CAF2E-2276-455C-82E5-A05BBFC198C5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2D0AB50-6F0B-4232-8C8E-1647410D362D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F2C50BB-CC63-40BE-A5F0-0F0C342586CA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-414-3e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CE7762EE-1253-4A4B-81CF-1A6423135AB6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-414-3e_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9B3E06E-8822-406C-907A-40AE328B311C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]