A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin metadata (identifiers, advisory text, scoring, affected CPEs).
if (description)
{
  script_id(500747);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2018-4834");

  script_name(english:"Siemens Desigo PXC Improper Authentication (CVE-2018-4834)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo Automation Controllers
Products and Desigo Operator Unit PXM20-E. A remote attacker with
network access to the device could potentially upload a new firmware
image to the devices without prior authentication.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-025-02b");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has provided updated versions that fix the vulnerability for the affected products. Siemens recommends users
update to version v4.10.111, v5.00.171, v5.10.069, or v6.00.204 or later. Updates can be obtained from Siemens customer
support or a local partner.
As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate
mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the
devices in a protected IT environment.
https://www.siemens.com/cert/operational-guidelines-industrial-security
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security
Advisory SSA-824231 at the following location:
http://www.siemens.com/cert/en/cert-security-advisories.htm");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4834");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(434);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc001-e.d_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxm20-e_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# Exit unless the Tenable.ot integration recorded a Siemens asset in the KB.
get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware CPEs, each with the exclusive upper version bound to match against.
var vuln_cpes = {
  "cpe:/o:siemens:pxc001-e.d_firmware" :
    {"versionEndExcluding" : "6.00.204", "family" : "Desigo"},
  "cpe:/o:siemens:pxm20-e_firmware" :
    {"versionEndExcluding" : "6.00.204", "family" : "Desigo"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
```
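
The solution text lists one fixed release per firmware branch, while `vuln_cpes` carries a single `versionEndExcluding` bound of 6.00.204. The Python sketch below is an added example, not Tenable's or Siemens's code: it triages an inventory per branch, assuming each listed release fixes the branch sharing its major.minor, and that a single bound is applied as a plain less-than comparison. The function names and sample versions are constructed.

```python
# Added example: branch-aware triage for CVE-2018-4834 (not the plugin's own logic).
# Fixed releases are the four versions named in the solution text.
FIXED_RELEASES = ["4.10.111", "5.00.171", "5.10.069", "6.00.204"]


def parse_version(text):
    """Turn 'v5.10.069' into (5, 10, 69); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return tuple(int(p) for p in parts)


# Assumption: each fixed release patches the branch with the same major.minor.
FIXED_BY_BRANCH = {parse_version(v)[:2]: parse_version(v) for v in FIXED_RELEASES}


def is_vulnerable(firmware):
    """True when the firmware predates the fix published for its branch."""
    version = parse_version(firmware)
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    # Branch without a listed fix: releases after the newest fixed branch are
    # covered by "or later"; anything older is conservatively kept as vulnerable.
    return branch < max(FIXED_BY_BRANCH)


def single_bound_check(firmware, end_excluding="6.00.204"):
    """Plain less-than against one upper bound (assumed evaluation model)."""
    return parse_version(firmware) < parse_version(end_excluding)


def triage(inventory):
    """Map asset name -> (branch-aware verdict, single-bound verdict)."""
    return {name: (is_vulnerable(fw), single_bound_check(fw))
            for name, fw in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real asset data.
    sample = {"pxc-a": "v5.10.068", "pxc-b": "v5.10.069", "pxm-c": "v6.00.204"}
    for name, verdicts in triage(sample).items():
        print(name, "branch-aware:", verdicts[0], "single-bound:", verdicts[1])
```

A device on a patched 4.x or 5.x release is where the two verdicts differ, so those findings are worth confirming against the advisory before scheduling a firmware change.
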
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | pxc001-e.d_firmware | | cpe:/o:siemens:pxc001-e.d_firmware |
siemens | pxm20-e_firmware | | cpe:/o:siemens:pxm20-e_firmware |