Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2018-4840.NASL
HistoryFeb 07, 2022 - 12:00 a.m.

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Missing Authentication For Critical Function (CVE-2018-4840)

2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

49.8%

JSON

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500119);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2018-4840");

  script_name(english:"Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Missing Authentication For Critical Function (CVE-2018-4840)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions
< V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions
< V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All
versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device
configuration overwriting access authorization passwords.  

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has provided the following updates for mitigations:

- DIGSI 4: Update to v4.92.
- EN100 Ethernet module IEC 61850 variant: Update to v4.30.

- EN100 Ethernet module DNP3 variant: Update to v4.30 and configure DIGSI 4 connection password.

- SIPROTEC Compact 7SJ80: Update to v4.77.
- SIPROTEC Compact 7SK80: Update to v4.77.
- SIPROTEC 4 7SJ61, 7SJ62, and 7SJ64: Update to v4.96.
- SIPROTEC 4 7SJ66: Update to v4.30.
- SIPROTEC 4 7SD80: Update to v4.70.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment
according to Siemens operational guidelines for Industrial Security and following the recommendations in the product
manuals.

Recommended security guidelines to secure substations and defense in depth can be found at:
https://www.siemens.com/gridsecurity.

For more information on these vulnerabilities and associated software updates, please see Siemens security advisory
SSA-203306");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4840");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(306);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_compact_7sj80_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_compact_7sk80_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_4_7sj66_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:digsi_4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:en100_ethernet_module_iec_104_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:en100_ethernet_module_dnp3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:en100_ethernet_module_modbus_tcp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:en100_ethernet_module_profinet_io_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:en100_ethernet_module_iec_61850_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:siprotec_compact_7sj80_firmware" :
        {"versionEndExcluding" : "4.77", "family" : "Siprotec"},
    "cpe:/o:siemens:siprotec_compact_7sk80_firmware" :
        {"versionEndExcluding" : "4.77", "family" : "Siprotec"},
    "cpe:/o:siemens:siprotec_4_7sj66_firmware" :
        {"versionEndExcluding" : "4.30", "family" : "Siprotec4"},
    "cpe:/o:siemens:digsi_4" :
        {"versionEndExcluding" : "4.92", "family" : "Siprotec4"},
    "cpe:/o:siemens:en100_ethernet_module_iec_104_firmware:-" :
        {"family" : "Siprotec4"},
    "cpe:/o:siemens:en100_ethernet_module_dnp3_firmware:-" :
        {"family" : "Siprotec4"},
    "cpe:/o:siemens:en100_ethernet_module_modbus_tcp_firmware:-" :
        {"family" : "Siprotec4"},
    "cpe:/o:siemens:en100_ethernet_module_profinet_io_firmware:-" :
        {"family" : "Siprotec4"},
    "cpe:/o:siemens:en100_ethernet_module_iec_61850_firmware" :
        {"versionEndExcluding" : "4.30", "family" : "Siprotec4"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemenssiprotec_compact_7sj80_firmwarecpe:/o:siemens:siprotec_compact_7sj80_firmware
siemenssiprotec_compact_7sk80_firmwarecpe:/o:siemens:siprotec_compact_7sk80_firmware
siemenssiprotec_4_7sj66_firmwarecpe:/o:siemens:siprotec_4_7sj66_firmware
siemensdigsi_4cpe:/o:siemens:digsi_4
siemensen100_ethernet_module_iec_104_firmware-cpe:/o:siemens:en100_ethernet_module_iec_104_firmware:-
siemensen100_ethernet_module_dnp3_firmware-cpe:/o:siemens:en100_ethernet_module_dnp3_firmware:-
siemensen100_ethernet_module_modbus_tcp_firmware-cpe:/o:siemens:en100_ethernet_module_modbus_tcp_firmware:-
siemensen100_ethernet_module_profinet_io_firmware-cpe:/o:siemens:en100_ethernet_module_profinet_io_firmware:-
siemensen100_ethernet_module_iec_61850_firmwarecpe:/o:siemens:en100_ethernet_module_iec_61850_firmware

Related

nvd 1
ptsecurity 1
prion 1
cvelist 1
nessus 1
cve 1
ics 1
nvd
nvd
CVE-2018-4840
2018-03-08 17:29:00
ptsecurity
ptsecurity
PT-2018-03: Control Takeover in Siemens DIGSI 4 and EN100 Ethernet modules
2015-12-17 00:00:00
prion
prion
Authorization
2018-03-08 17:29:00
cvelist
cvelist
CVE-2018-4840
2018-03-08 17:00:00
nessus
nessus
Siemens Siprotec Missing Authentication for Critical Function
2019-11-08 00:00:00
cve
cve
CVE-2018-4840
2018-03-08 17:29:00
ics
ics
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D)
2021-07-13 12:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

49.8%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2018-4840.NASL
nvd1ptsecurity1prion1cvelist1nessus1cve1ics1