-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# SSA-274900: Use of hardcoded key in Scalance X devices under certain conditions

Publication Date:        2021-01-12
Last Update:             2021-02-09
Current Version:         1.1
CVSS v3.1 Base Score:    9.1

SUMMARY
=======

Scalance X devices might not generate a unique random key after factory
reset, and use a private key shipped with the firmware

Siemens has released updates for several affected products and
recommends to update to the latest versions. Siemens is preparing
further updates and recommends specific countermeasures for products
where updates are not, or not yet available.


AFFECTED PRODUCTS AND SOLUTION
==============================


* SCALANCE X-200 switch family (incl. SIPLUS NET variants) 
  - Affected versions:
       All Versions
  - Affected by vulnerabilities:
    - CVE-2020-28391
  - Remediation:
        See recommendations from section Workarounds and Mitigations

* SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) 
  - Affected versions:
       All versions < V5.5.0
  - Affected by vulnerabilities:
    - CVE-2020-28391
  - Remediation:
       Update to V5.5.0 or later version
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109792534/

* SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) 
  - Affected versions:
       All versions < V4.1.0
  - Affected by vulnerabilities:
    - CVE-2020-28395
  - Remediation:
       Update to V4.1.0 or later version (for supported devices)
  - Download:
       https://support.industry.siemens.com/cs/ww/en/view/109773547/


WORKAROUNDS AND MITIGATIONS
===========================

Siemens has identified the following specific workarounds and mitigations that
customers can apply to reduce the risk:

* Update the default selfsigned device X.509 certificates with own trusted
certificate
  
* Update the default hardcoded X.509 certificates from the firmware image
(fingerprints SHA-1:
F2:C8:3B:8F:86:27:74:AA:60:EC:D4:A0:CF:0D:BE:A6:D1:FE:22:12 and SHA-256:
25:60:DB:B3:
F9:07:9D:69:0E:DD:A9:EB:4E:1C:D5:8E:AF:79:16:C3:C8:13:A6:F6:59:AD:05:E4:6F:77:F7:72)
  


GENERAL SECURITY RECOMMENDATIONS
================================

As a general security measure, Siemens strongly recommends to protect
network access to devices with appropriate mechanisms. In order to
operate the devices in a protected IT environment, Siemens recommends to
configure the environment according to Siemens' operational guidelines
for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security),
and to follow the recommendations in the product manuals.

Additional information on Industrial Security by Siemens can be found
at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION
===================

SCALANCE X switches are used to connect industrial components like
Programmable Logic Controllers (PLCs) or Human Machine Interfaces
(HMIs).

SIPLUS extreme products are designed for reliable operation under
extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS,
SIMOTION, SCALANCE or other devices. SIPLUS devices use the same
firmware as the product they are based on.

VULNERABILITY CLASSIFICATION
============================

The vulnerability classification has been performed by using the CVSS scoring
system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS 
environmental score is specific to the customer's environment and will impact
the overall CVSS score. The environmental score should therefore be 
individually defined by the customer to accomplish final scoring.

An additional classification has been performed using the CWE classification, a
community-developed list of common software security weaknesses. This serves as
a common language and as a baseline for weakness identification, mitigation,
and prevention efforts. A detailed list of CWE classes can be found at:
https://cwe.mitre.org/.



* Vulnerability CVE-2020-28391

  Devices create a new unique key upon factory reset, except when used
  with C-PLUG. When used with C-PLUG the devices use the hardcoded private
  RSA-key shipped with the firmware-image. An attacker could leverage this
  situation to a man-in-the-middle situation and decrypt previously
  captured traffic.

  CVSS v3.1 Base Score: 9.1
  CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C
  CWE:                  CWE-321: Use of Hard-coded Cryptographic Key

* Vulnerability CVE-2020-28395

  Devices do not create a new unique private key after factory reset. An
  attacker could leverage this situation to a man-in-the-middle situation
  and decrypt previously captured traffic.

  CVSS v3.1 Base Score: 9.1
  CVSS Vector:          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C
  CWE:                  CWE-321: Use of Hard-coded Cryptographic Key




ADDITIONAL INFORMATION
======================
These vulnerabilities have been discovered internally by Siemens.

For further inquiries on security vulnerabilities in Siemens products and 
solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


HISTORY DATA
============

V1.0 (2021-01-12): Publication Date
V1.1 (2021-02-09): Added update information for SCALANCE X-200IRT switch family

TERMS OF USE
============

Siemens Security Advisories are subject to the terms and conditions contained
in Siemens' underlying license terms or other applicable agreements previously
agreed to with Siemens (hereinafter "License Terms"). To the extent applicable
to information, software or documentation made available in or through a
Siemens Security Advisory, the Terms of Use of Siemens' Global Website
(https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in
particular Sections 8-10 of the Terms of Use, shall apply additionally. In case
of conflicts, the License Terms shall prevail over the Terms of Use.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElTRCLAVwzKf/b8X80/SB6hFKr+QFAmAh0IAACgkQ0/SB6hFK
r+TaPxAAtBDx26ksjeLeq5J/MCQ/k5jkhCUWJcXdTDeNZufYsRtOVniN/0YiMeg9
Jx+7aBYGdA5vun1KpXU8qyy7Qz00pzWjb+ONaBCQHd3GrQz19DNPTnchRWGjMeXM
BAh5pWD33oGPvvZshsQ2tk1fiVBcae5CC9xRbiCKSfBeoSxnLbD6tYsq9z5BYJtO
dt+meNiXNIp5/O9tTd7ks8ejCVKAd8GFPGWDvRdd7+4RGau9AhclUFK01Hem/vze
jnqNIL0LV48zLwDzX6sMmnTIiK69tMgRiHTjy0OasZv75FhRUkuWkayM7r0HUWiw
nqkg6cpKXo7bsqnbxfNV9p4/2I3QcZGzSLV8rOLT9csTRHRv1qEUTKaP5lauM74a
HUK5VhhE/17uFlhQmzWeaQtDCcQKCyOCSoTZZtJQqYnlHjKPWp5qxPqmHWF2OmNd
1s4bE41roc1LxCww6zLh1+DWzKnUXq2pjv0guM+gxmrWHXgxFI7AEwQI5ajr+xXz
uWTVcgNIGcxRtvUjBg9FPx+OlHsxgrqiUPGZ7Q3kkTGH/kVLxSXcDqn2HxTCN/CD
tSOjXgRml5u8SSUpZnaRQvpp5xQ7qublfJXPYhUh853+Hg+zWaqz2//RcAa0gPnk
5G+KGzP0UmPhypQoyl92LeyorScKEMFf4Yh++MVNYUSvvuCaNFk=
=O2yq
-----END PGP SIGNATURE-----