Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer
2019-11-08T00:00:00
ID: OT_500212.NASL. Type: nessus. Reporter: This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified: 2019-11-08T00:00:00
Description
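Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. The record below classifies the issue as CWE-119 with a CVSS v2 base score of 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C): it is reachable over the network without authentication, and the impact is limited to availability. The Tenable.ot plugin source included below appears to compare the asset's reported CPE and firmware version (category ACT_GATHER_INFO) rather than probe the device, and its firmware CPE entry sets both versionStartIncluding and versionEndIncluding to "5.0", so assets on other 5.x builds may not be reported. Check the installed firmware against Siemens advisory SSA-617264 and ICSA-12-212-02.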
File data ot_500212.nasl
{"id": "OT_500212.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets.", "published": "2019-11-08T00:00:00", "modified": "2019-11-08T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/ot/500212", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3017", "http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf", "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-617264.pdf", "https://cert-portal.siemens.com/productcert/pdf/ssa-617264.pdf"], "cvelist": ["CVE-2012-3017"], "immutableFields": [], "lastseen": "2021-09-08T00:13:21", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3017"]}, {"type": "nessus", "idList": ["720186.PRM", "TENABLE_OT_SIEMENS_CVE-2012-3017.NASL"]}], "rev": 4}, "score": {"value": 6.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-3017"]}, {"type": "ics", "idList": ["ICSA-12-212-02"]}, {"type": "nessus", "idList": ["TENABLE_OT_SIEMENS_CVE-2012-3017.NASL"]}]}, "exploitation": null, "vulnersScore": 6.4}, "pluginID": "500212", "sourceData": "File data ot_500212.nasl", "naslFamily": "SCADA", "cpe": ["cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:5.0:*:*:*:*:*:*:*", "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:*:*:*:*:*:*:*:*", "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:*:*:*:*:*:*:*:*", 
"cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:*:*:*:*:*:*:*:*"], "solution": "Refer to vendor advisory for Security Updates", "nessusSeverity": "High", "cvssScoreSource": "CVE-2012-3017", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2012-07-31T00:00:00", "vulnerabilityPublicationDate": "2012-07-31T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"nessus": [{"lastseen": "2022-02-10T00:00:00", "description": "Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. \n\nThis plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": null, "vector": null}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Siemens (CVE-2012-3017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3017"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:siemens:simatic_s7-400_cpu_firmware:5.0", "cpe:/h:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp", "cpe:/h:siemens:simatic_s7-400_cpu_414-3_pn%2fdp", "cpe:/h:siemens:simatic_s7-400_cpu_416-3_pn%2fdp"], "id": "TENABLE_OT_SIEMENS_CVE-2012-3017.NASL", "href": "https://www.tenable.com/plugins/ot/500212", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500212);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2012-3017\");\n\n script_name(english:\"Siemens (CVE-2012-3017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode\ntransition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. \n\nThis plugin only works with\nTenable.ot. 
Please visit https://www.tenable.com/products/tenable-ot for more information.\");\n # http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-617264.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ddbfe25\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cert-portal.siemens.com/productcert/pdf/ssa-617264.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-400_cpu_firmware:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:siemens:simatic_s7-400_cpu_414-3_pn%2fdp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:siemens:simatic_s7-400_cpu_416-3_pn%2fdp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Siemens\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Siemens');\n\nvar asset = tenable_ot::assets::get(vendor:'Siemens');\n\nvar vuln_cpes = {\n \"cpe:/o:siemens:simatic_s7-400_cpu_firmware:5.0\" :\n {\"versionEndIncluding\" : \"5.0\", \"versionStartIncluding\" : \"5.0\"},\n \"cpe:/h:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp\" : {},\n \"cpe:/h:siemens:simatic_s7-400_cpu_414-3_pn%2fdp\" : {},\n \"cpe:/h:siemens:simatic_s7-400_cpu_416-3_pn%2fdp\" : {}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:25:06", "description": "Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets.", "cvss3": {"score": null, "vector": null}, "published": "2019-05-08T00:00:00", "type": "nessus", "title": "Siemens SIMATIC S7-400 PN CPUs 5.x Malformed HTTP or IP Packets DOS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3017"], "modified": "2019-09-30T00:00:00", "cpe": [], "id": "720186.PRM", "href": "https://www.tenable.com/plugins/nnm/720186", "sourceData": "Binary data 720186.prm", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:27:37", "description": "Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets.", "cvss3": {}, "published": "2012-07-31T10:45:00", "type": "cve", "title": "CVE-2012-3017", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3017"], "modified": "2020-04-13T13:15:00", "cpe": ["cpe:/h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:*", "cpe:/h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:*", "cpe:/o:siemens:simatic_s7-400_cpu_firmware:5.0", "cpe:/h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:*"], "id": "CVE-2012-3017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3017", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\\/dp:*:*:*:*:*:*:*:*", "cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:5.0:*:*:*:*:*:*:*", "cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:*:*:*:*:*:*:*:*", "cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:*:*:*:*:*:*:*:*"]}]}