nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2018-4834.NASL
History: Jan 25, 2023 - 12:00 a.m.

Siemens Desigo PXC Improper Authentication (CVE-2018-4834)

2023-01-25 00:00:00
www.tenable.com
Tags: siemens desigo pxc, improper authentication, cve-2018-4834, tenable.ot, firmware upload, network access, security advisory

AI Score: 9.5 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 75.3%)

A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500747);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2018-4834");

  script_name(english:"Siemens Desigo PXC Improper Authentication (CVE-2018-4834)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo Automation Controllers
Products and Desigo Operator Unit PXM20-E. A remote attacker with
network access to the device could potentially upload a new firmware
image to the devices without prior authentication.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-025-02b");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has provided updated versions that fix the vulnerability for the affected products. Siemens recommends users
update to version v4.10.111, v5.00.171, v5.10.069, or v6.00.204 or later. Updates can be obtained from Siemens customer
support or a local partner.

As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate
mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the
devices in a protected IT environment.

https://www.siemens.com/cert/operational-guidelines-industrial-security

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security
Advisory SSA-824231 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4834");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(434);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc001-e.d_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxm20-e_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:pxc001-e.d_firmware" :
        {"versionEndExcluding" : "6.00.204", "family" : "Desigo"},
    "cpe:/o:siemens:pxm20-e_firmware" :
        {"versionEndExcluding" : "6.00.204", "family" : "Desigo"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Vendor | Product | Version | CPE
siemens | pxc001-e.d_firmware | | cpe:/o:siemens:pxc001-e.d_firmware
siemens | pxm20-e_firmware | | cpe:/o:siemens:pxm20-e_firmware
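
The solution text lists one fixed build per firmware branch (v4.10.111, v5.00.171, v5.10.069, v6.00.204), while the plugin's `vuln_cpes` table carries a single `versionEndExcluding` bound of 6.00.204. The following is an added example, not Tenable's or Siemens' code, that triages an asset inventory per branch. Reading the first two version fields as the branch and the third as the build, the status labels, and the inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed build per firmware branch, from the advisory text in the plugin's
# "solution" attribute: v4.10.111, v5.00.171, v5.10.069, v6.00.204.
FIXED_BY_BRANCH = {(4, 10): 111, (5, 0): 171, (5, 10): 69, (6, 0): 204}

_VERSION_RE = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)$")

# Constructed sample inventory: asset names and versions are illustrative.
INVENTORY = [
    ("pxc-floor1", "v4.10.111"),
    ("pxc-floor2", "5.10.068"),
    ("pxm20-lobby", "V6.00.204"),
    ("pxc-plant", "v3.00.010"),
    ("pxc-roof", "6.10.001"),
    ("pxc-lab", "unknown"),
]


def parse_version(text):
    """Parse 'v5.10.069' or '5.10.69' into (major, minor, build) integers."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return 'fixed', 'vulnerable' or 'review' for one firmware version."""
    major, minor, build = parse_version(version_text)
    fixed_build = FIXED_BY_BRANCH.get((major, minor))
    if fixed_build is not None:
        return "fixed" if build >= fixed_build else "vulnerable"
    # Assumption: "v6.00.204 or later" covers branches newer than 6.00.
    if (major, minor) > max(FIXED_BY_BRANCH):
        return "fixed"
    # Branch not named in the advisory text: leave for manual review.
    return "review"


def triage_inventory(rows):
    """Map asset name -> status; unparseable versions are flagged, not dropped."""
    result = {}
    for name, version in rows:
        try:
            result[name] = triage(version)
        except ValueError:
            result[name] = "unparseable"
    return result
```

Assets that come back as `review` or `unparseable` need a manual check against Siemens Security Advisory SSA-824231 rather than being treated as either patched or exposed.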
