Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2013-0700.NASL
HistoryFeb 07, 2022 - 12:00 a.m.

Siemens SIMATIC S7-1200 CPU Family Denial of Service (CVE-2013-0700)

2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500131);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");

  script_cve_id("CVE-2013-0700");

  script_name(english:"Siemens SIMATIC S7-1200 CPU Family Denial of Service (CVE-2013-0700)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to
cause a denial of service (defect-mode transition and control outage)
via crafted packets to TCP port 102 (aka the ISO-TSAP port).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1f61ca55");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0700");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_s7-1200_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware" :
        {"versionEndExcluding" : "4.0", "family" : "S71200"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemenssimatic_s7-1200_cpu_1211c_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware
siemenssimatic_s7-1200_cpu_1212c_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware
siemenssimatic_s7-1200_cpu_1212fc_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware
siemenssimatic_s7-1200_cpu_1214_fc_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware
siemenssimatic_s7-1200_cpu_1214c_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware
siemenssimatic_s7-1200_cpu_1215_fc_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware
siemenssimatic_s7-1200_cpu_1215c_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware
siemenssimatic_s7-1200_cpu_1217c_firmwarecpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware
siemenssimatic_s7-1200_firmwarecpe:/o:siemens:simatic_s7-1200_firmware

Related

cve 1
nvd 1
cvelist 1
prion 1
nessus 1
ics 1
openvas 1
cve
cve
CVE-2013-0700
2013-04-22 03:27:13
nvd
nvd
CVE-2013-0700
2013-04-22 03:27:13
cvelist
cvelist
CVE-2013-0700
2013-04-22 01:00:00
prion
prion
Code injection
2013-04-22 03:27:00
nessus
nessus
Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer
2019-11-08 00:00:00
ics
ics
Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities
2018-09-06 12:00:00
openvas
openvas
Siemens SIMATIC S7-1200 Multiple DoS Vulnerabilities (SSA-724606)
2013-04-25 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2013-0700.NASL
cve1nvd1cvelist1prion1nessus1ics1openvas1