A vulnerability has been identified in SIMATIC NET CP 342-5 (incl.
SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl.
SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs’ configuration was stored on their corresponding CPUs.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501108);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/25");
script_cve_id("CVE-2015-8214");
script_name(english:"Siemens SIMATIC Communication Processor (CVE-2015-8214)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC NET CP 342-5 (incl.
SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl.
SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean
(incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1
Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET
CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9),
SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions <
V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All
versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE /
TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions <
V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions <
V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions <
V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions <
V3.1.0). The implemented access protection level enforcement of the
affected communication processors (CP) could possibly allow
unauthenticated users to perform administrative operations on the CPs
if network access (port 102/TCP) is available and the CPs'
configuration was stored on their corresponding CPUs.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6b3db51");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/78345");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1034279");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-15-335-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has released the following updates for Communication Processor (CP) module families CP 343-1/TIM 3VIE/ TIM
4R-IE/CP 443-1 to resolve this issue:
- SIMATIC NET CP 343-1 Advanced: Update to v3.0.44
- SIMATIC NET CP 343-1 Lean / Standard: Update to v3.1.1
- SIMATIC NET CP 443-1 Advanced / Standard: Update to v3.2.9
- TIM 3V-IE / TIM 3V-IE Advanced / TIM 4R-IE: Update to v2.6.0
- TIM 3V-IE DNP3: Update to v3.1.0
- TIM 4R-IE DNP3: Update to v3.1.0
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens operational guidelines for industrial security, and following the recommendations in
the product manuals.
Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity
For more information on this vulnerability and detailed instructions, please see Siemens Security Advisory SSA-763427");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8214");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(264);
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/27");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/02");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_343-1_advanced_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_343-1_lean_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_443-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_443-1_advanced_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:simatic_cp_443-1_firmware" :
{"versionEndIncluding" : "3.2.9", "family" : "S7400"},
"cpe:/o:siemens:simatic_cp_443-1_advanced_firmware" :
{"versionEndIncluding" : "3.2.9", "family" : "S7400"},
"cpe:/o:siemens:simatic_cp_343-1_lean_firmware" :
{"versionEndIncluding" : "3.1.1", "family" : "S7300"},
"cpe:/o:siemens:simatic_cp_343-1_advanced_firmware" :
{"versionEndIncluding" : "3.0.44", "family" : "S7300"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | simatic_cp_343-1_advanced_firmware | cpe:/o:siemens:simatic_cp_343-1_advanced_firmware | |
siemens | simatic_cp_343-1_lean_firmware | cpe:/o:siemens:simatic_cp_343-1_lean_firmware | |
siemens | simatic_cp_443-1_firmware | cpe:/o:siemens:simatic_cp_443-1_firmware | |
siemens | simatic_cp_443-1_advanced_firmware | cpe:/o:siemens:simatic_cp_443-1_advanced_firmware |