
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C Heap-Based Buffer Overflow (CVE-2018-4833)

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client’s DHCP request.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

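# Plugin registration: identity, advisory text, scoring and the CPEs this
# check reports on. The exit(0) at the end of the block stops the
# description pass before the detection code further down runs.
if (description)
{
  script_id(500746);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2018-4833");

  script_name(english:"Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C Heap-Based Buffer Overflow (CVE-2018-4833)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in RFID 181EIP (All versions),
RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch
family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE
X-200IRT switch family (incl. SIPLUS NET variants) (All versions <
V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6),
SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions
< V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All
versions), SIMATIC RF182C (All versions). Unprivileged remote
attackers located in the same local network segment (OSI Layer 2)
could gain remote code execution on the affected products by sending a
specially crafted DHCP response to a client's DHCP request.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-165-01");
  # Solution text reproduced from the CISA advisory. The mis-encoded
  # apostrophe in "Siemens' operational guidelines" is repaired here so the
  # report renders as plain text (matches the straight quote used in the
  # description above).
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has provided updates for the following products to fix the vulnerability:

- RUGGEDCOM Win: Update to v5.2
- SCALANCE X-200: Update to v5.2.3
- SCALANCE X-200 IRT: Update to v5.4.1
- SCALANCE X-200RNA: Update to v3.2.6
- SCALANCE X-300 & SCALANCE X408: Update to v4.1.3

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Use static IP addresses instead of DHCP
- Apply cell protection concept.
- Apply Defense-in-Depth.

- For SIMATIC RF182C and RFID 181EIP: Migrate to a successor product within the SIMATIC RF18xC/CI family, v1.3 or later
version. For details refer to the phase-out announcement.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the
environment according to Siemens' operational guidelines for Industrial Security, and follow the recommendations in the
product manuals.

Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information on this vulnerability and associated software updates, please see Siemens security advisory
SSA-181018");
  # Adjacent-network attack vector (AV:A): the attacker must sit on the same
  # Layer 2 segment to answer the victim's DHCP request.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4833");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-122: heap-based buffer overflow.
  script_cwe_id(122);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Only SCALANCE X firmware CPEs are registered. RFID 181EIP, RUGGEDCOM Win
  # and SIMATIC RF182C, although named in the description, have no CPE entry
  # here and are therefore outside this plugin's coverage.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200irt_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x300_series_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x414_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Asset data comes from the Tenable.ot API integration plugin; without the
  # Siemens KB key there is nothing to evaluate.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}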


include('tenable_ot_cve_funcs.inc');

# Leave immediately unless the Tenable.ot integration reported Siemens assets.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Siemens asset inventory collected by tenable_ot_api_integration.nasl.
var siemens_asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware, grouped by SCALANCE family. An entry that carries a
# "versionEndExcluding" is only reported below that version; an entry
# without one is reported at every version.
# NOTE(review): the solution text says X-300 and X408 are fixed in V4.1.3,
# yet neither entry below carries an upper bound, so patched units would
# still be flagged — confirm whether that is intentional (e.g. version
# strings for those families are not comparable) or an omission.
var affected_cpes = {
    # X-200 line: RNA, base series and IRT each have a fixed release.
    "cpe:/o:siemens:scalance_x200_series_firmware" :
        {"family" : "SCALANCEX200", "versionEndExcluding" : "5.2.3"},
    "cpe:/o:siemens:scalance_x204rna_firmware:-" :
        {"family" : "SCALANCEX200", "versionEndExcluding" : "3.2.6"},
    "cpe:/o:siemens:scalance_x200irt_series_firmware" :
        {"family" : "SCALANCEX200IRT", "versionEndExcluding" : "5.4.1"},
    # X-300 and X-400 lines: no upper bound, all versions reported.
    "cpe:/o:siemens:scalance_x300_series_firmware:-" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x408_firmware:-" :
        {"family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_x414_firmware:-" :
        {"family" : "SCALANCEX400"}
};

# Match the asset's CPE/version against the table and emit a warning-level
# finding for each hit.
tenable_ot::cve::compare_and_report(asset:siemens_asset, cpes:affected_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensscalance_x200_series_firmwarecpe:/o:siemens:scalance_x200_series_firmware
siemensscalance_x200irt_series_firmwarecpe:/o:siemens:scalance_x200irt_series_firmware
siemensscalance_x204rna_firmware-cpe:/o:siemens:scalance_x204rna_firmware:-
siemensscalance_x300_series_firmware-cpe:/o:siemens:scalance_x300_series_firmware:-
siemensscalance_x408_firmware-cpe:/o:siemens:scalance_x408_firmware:-
siemensscalance_x414_firmware-cpe:/o:siemens:scalance_x414_firmware:-
