Rewterz Threat Alert – IObit Forums Hacked to Spread DeroHE Ransomware
January 19, 2021Rewterz Threat Alert – GandCrab Malware – IoCs
January 19, 2021Rewterz Threat Alert – IObit Forums Hacked to Spread DeroHE Ransomware
January 19, 2021Rewterz Threat Alert – GandCrab Malware – IoCs
January 19, 2021Severity
High
Analysis Summary
CVE-2020-28391
Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could exploit this vulnerability to create a man-in-the-middle situation and decrypt previously captured traffic.
CVE-2020-28395
Devices do not create a new unique private key after factory reset. An attacker could exploit this vulnerability to create a man-in-the-middle situation and decrypt previously captured traffic.
Impact
- Man-in-the-middle attack
- Decryption previously captured traffic
Affected Vendors
Siemens
Affected Products
- SCALANCE X-200 switch family (incl. SIPLUS NET variants) All versions
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) All versions
- SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) All versions prior to v4.1.0
Remediation
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) Update to v4.1.0 or later.