CVE-2019-6567— Siemens Scalance X-300 信任管理问题漏洞

N/A

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.

N/A

以可恢复格式存储口令

Siemens Scalance X-300 信任管理问题漏洞

Siemens Scalance X-300是德国西门子（Siemens）公司的一款工业级以太网交换机。 多款 Scalance 产品中存在信任管理问题漏洞，该漏洞源于程序将密码存储为可恢复的格式。攻击者可利用该漏洞提取并恢复设备密码。以下产品及版本受到影响：Siemens SCALANCE X-200 5.2.4之前版本；SCALANCE X-200IRT（全部版本）；SCALANCE X-300（全部版本）；SCALANCE X-414-3E（全部版本）。

N/A

N/A