The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
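# Registration pass: when `description` is set, only the plugin metadata below
# is recorded and the script exits (exit(0)) before any check logic is reached.
if (description)
{
  script_id(500995);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/14");

  script_cve_id("CVE-2018-5391");
  # Distribution advisories for the same kernel flaw, one entry per advisory ID
  # (repeated entries for the same ID were dropped).
  script_xref(name:"RHSA", value:"RHSA-2018:2948");
  script_xref(name:"RHSA", value:"RHSA-2018:2791");
  script_xref(name:"RHSA", value:"RHSA-2018:2785");
  script_xref(name:"RHSA", value:"RHSA-2018:2846");
  script_xref(name:"RHSA", value:"RHSA-2018:2933");
  script_xref(name:"RHSA", value:"RHSA-2018:2925");
  script_xref(name:"RHSA", value:"RHSA-2018:2924");
  script_xref(name:"RHSA", value:"RHSA-2018:3096");
  script_xref(name:"RHSA", value:"RHSA-2018:3083");
  script_xref(name:"RHSA", value:"RHSA-2018:3459");
  script_xref(name:"RHSA", value:"RHSA-2018:3590");
  script_xref(name:"RHSA", value:"RHSA-2018:3586");
  script_xref(name:"RHSA", value:"RHSA-2018:3540");
  script_xref(name:"DSA", value:"DSA-4272");
  script_xref(name:"USN", value:"USN-3742-2");
  script_xref(name:"USN", value:"USN-3742-1");
  script_xref(name:"USN", value:"USN-3741-2");
  script_xref(name:"USN", value:"USN-3741-1");
  script_xref(name:"USN", value:"USN-3740-2");
  script_xref(name:"USN", value:"USN-3740-1");

  script_name(english:"Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");

  # The continuation lines of the string values below start at column 0 on
  # purpose: they are part of the reported text, not code.
  script_set_attribute(attribute:"description", value:
"The Linux kernel, versions 3.9+, is vulnerable to a denial of service
attack with low rates of specially modified packets targeting IP
fragment re-assembly. An attacker may cause a denial of service
condition by sending specially crafted IP fragments. Various
vulnerabilities in IP fragmentation have been discovered and fixed
over the years. The current vulnerability (CVE-2018-5391) became
exploitable in the Linux kernel with the increase of the IP fragment
reassembly queue size.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");

  script_set_attribute(attribute:"see_also", value:"https://www.kb.cert.org/vuls/id/641765");
  # https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fbfb7b03");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4272");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3742-2/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-105-05");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3742-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3741-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3741-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3740-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3740-1/");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041476");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/105108");
  script_set_attribute(attribute:"see_also", value:"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041637");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2791");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2785");
  script_set_attribute(attribute:"see_also", value:"https://security.netapp.com/advisory/ntap-20181003-0002/");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2846");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2933");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2925");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2924");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3096");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3083");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2948");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3459");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3590");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3586");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3540");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/06/28/2");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/07/06/3");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/07/06/4");
  # https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a9deb46b");
  # http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?13522391");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf");

  # Remediation is a firmware update per product line; the text states that
  # Siemens identified no specific mitigations or workarounds, so restricting
  # network access to the devices is the only interim measure it names.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends applying updates, where available:
- RUGGEDCOM RM 1224: Update to v6.1
- RUGGEDCOM ROX II: Update to v2.13.3
- SCALANCE M-800 family: Update to v6.1
- SCALANCE S615: Update to v6.1
- SCALANCE SC-600: Update to v2.0 or later version
- SCALANCE W1700 IEEE 802.11 ac: Update to v2.0
- SCALANCE W700 IEEE 802.11a/b/g/n: Update to v6.4
- SIMATIC CP 1242-7 and 1243-1 (incl. SIPLUS NET variants): Update to v3.2
- SIMATIC CP 1243-7 LTE EU & US: Update to v3.2
- SIMATIC CP 1243-8 IRC: Update to v3.2
- SIMATIC CP 1542SP-1 and 1542SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC 1543SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants): Update to v2.2
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants): Update to v2.1
- SINEMA Remote Connect Server: Update to v2.1
- SIMATIC RF 18xC/CI: Update to v1.3 or later
Siemens has not identified any specific mitigations or workarounds and recommends following their general security
recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with
appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring
the environment according to the Siemens operational guidelines for Industrial Security and following the
recommendations in the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-377115");

  # Scoring: reachable over the network without authentication, impact on
  # availability only (A:C / A:H). The temporal vectors use E:U, in line with
  # the exploitability_ease text below.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5391");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Firmware CPEs this plugin is registered for.
  # NOTE(review): the solution text above also names RUGGEDCOM ROX II, SINEMA
  # Remote Connect Server and SIMATIC RF 18xC/CI, but no cpe attribute is set
  # for them here - confirm whether those products are meant to be covered.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m-800_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_sc-600_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1700_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w700_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1242-7_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The plugin is scheduled after tenable_ot_api_integration.nasl and requires
  # the Tenable.ot/Siemens KB key (presumably set by that dependency).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}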
# Check pass: decide from Tenable.ot asset data whether the Siemens asset runs
# an affected firmware version. Nothing in these lines sends traffic to the asset.
include('tenable_ot_cve_funcs.inc');
# Stop here unless the Tenable.ot/Siemens KB key is present.
get_kb_item_or_exit('Tenable.ot/Siemens');
# Asset record for the Siemens device under evaluation, as returned by the tenable_ot helper.
var asset = tenable_ot::assets::get(vendor:'Siemens');
# Affected firmware, keyed by CPE. versionEndExcluding holds the fixed release
# named in the solution text; presumably versions strictly below it are
# reported - the comparison happens inside compare_and_report, not here.
# "family" looks like the Tenable.ot device family used for matching - confirm.
# NOTE(review): the solution text also lists RUGGEDCOM ROX II (v2.13.3), SINEMA
# Remote Connect Server (v2.1) and SIMATIC RF 18xC/CI (v1.3). No key below
# covers them, so such assets are presumably never flagged by this plugin - confirm.
var vuln_cpes = {
"cpe:/o:siemens:ruggedcom_rm1224_firmware" :
{"versionEndExcluding" : "6.1", "family" : "RuggedCom"},
"cpe:/o:siemens:scalance_m-800_series_firmware" :
{"versionEndExcluding" : "6.1", "family" : "SCALANCEM"},
"cpe:/o:siemens:scalance_s615_firmware" :
{"versionEndExcluding" : "6.1", "family" : "SCALANCES"},
"cpe:/o:siemens:scalance_sc-600_series_firmware" :
{"versionEndExcluding" : "2.0", "family" : "SCALANCES"},
"cpe:/o:siemens:scalance_w1700_series_firmware" :
{"versionEndExcluding" : "2.0", "family" : "SCALANCEW"},
"cpe:/o:siemens:scalance_w700_series_firmware" :
{"versionEndExcluding" : "6.4", "family" : "SCALANCEW"},
"cpe:/o:siemens:simatic_net_cp_1242-7_firmware" :
{"versionEndExcluding" : "3.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cp_1243-1_firmware" :
{"versionEndExcluding" : "3.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware" :
{"versionEndExcluding" : "3.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware" :
{"versionEndExcluding" : "3.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware" :
{"versionEndExcluding" : "3.2", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware" :
{"versionEndExcluding" : "2.1", "family" : "S71500"},
"cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware" :
{"versionEndExcluding" : "2.1", "family" : "S71500"},
"cpe:/o:siemens:simatic_net_cp_1543-1_firmware" :
{"versionEndExcluding" : "2.2", "family" : "S71500"},
"cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware" :
{"versionEndExcluding" : "2.1", "family" : "S71500"}
};
# Hand the asset and the table to the shared comparison helper; a match is
# reported with the SECURITY_HOLE severity constant.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | simatic_net_cp_1543-1_firmware | | cpe:/o:siemens:simatic_net_cp_1543-1_firmware |
siemens | simatic_net_cp_1543sp-1_firmware | | cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware |
siemens | ruggedcom_rm1224_firmware | | cpe:/o:siemens:ruggedcom_rm1224_firmware |
siemens | scalance_m-800_series_firmware | | cpe:/o:siemens:scalance_m-800_series_firmware |
siemens | scalance_s615_firmware | | cpe:/o:siemens:scalance_s615_firmware |
siemens | scalance_sc-600_series_firmware | | cpe:/o:siemens:scalance_sc-600_series_firmware |
siemens | scalance_w1700_series_firmware | | cpe:/o:siemens:scalance_w1700_series_firmware |
siemens | scalance_w700_series_firmware | | cpe:/o:siemens:scalance_w700_series_firmware |
siemens | simatic_net_cp_1242-7_firmware | | cpe:/o:siemens:simatic_net_cp_1242-7_firmware |
siemens | simatic_net_cp_1243-1_firmware | | cpe:/o:siemens:simatic_net_cp_1243-1_firmware |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391
www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
www.nessus.org/u?13522391
www.nessus.org/u?a9deb46b
www.nessus.org/u?fbfb7b03
www.openwall.com/lists/oss-security/2019/06/28/2
www.openwall.com/lists/oss-security/2019/07/06/3
www.openwall.com/lists/oss-security/2019/07/06/4
www.securityfocus.com/bid/105108
www.securitytracker.com/id/1041476
www.securitytracker.com/id/1041637
access.redhat.com/errata/RHSA-2018:2785
access.redhat.com/errata/RHSA-2018:2791
access.redhat.com/errata/RHSA-2018:2846
access.redhat.com/errata/RHSA-2018:2924
access.redhat.com/errata/RHSA-2018:2925
access.redhat.com/errata/RHSA-2018:2933
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/errata/RHSA-2018:3459
access.redhat.com/errata/RHSA-2018:3540
access.redhat.com/errata/RHSA-2018:3586
access.redhat.com/errata/RHSA-2018:3590
cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
lists.debian.org/debian-lts-announce/2018/08/msg00014.html
lists.debian.org/debian-lts-announce/2019/03/msg00017.html
security.netapp.com/advisory/ntap-20181003-0002/
usn.ubuntu.com/3740-1/
usn.ubuntu.com/3740-2/
usn.ubuntu.com/3741-1/
usn.ubuntu.com/3741-2/
usn.ubuntu.com/3742-1/
usn.ubuntu.com/3742-2/
www.cisa.gov/news-events/ics-advisories/icsa-20-105-05
www.debian.org/security/2018/dsa-4272
www.kb.cert.org/vuls/id/641765