nessus | This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_SIEMENS_CVE-2018-5391.NASL
History | Apr 11, 2023 - 12:00 a.m.

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)

2023-04-11 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

7 High

AI Score

Confidence

High

The Linux kernel, versions 3.9+, is vulnerable to a denial-of-service attack in which a low rate of specially crafted packets targets IP fragment reassembly. An attacker can cause a denial-of-service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years; this one (CVE-2018-5391) became exploitable in the Linux kernel when the IP fragment reassembly queue size was increased.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

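# Registration branch: declares the plugin's metadata (IDs, references,
# scoring, affected CPEs, scheduling requirements) and exits before any
# check logic runs.
if (description)
{
  script_id(500995);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/14");

  script_cve_id("CVE-2018-5391");
  # Distribution advisory cross-references. Each advisory ID is listed once;
  # repeated script_xref() calls for the same ID were removed.
  script_xref(name:"RHSA", value:"RHSA-2018:2948");
  script_xref(name:"RHSA", value:"RHSA-2018:2791");
  script_xref(name:"RHSA", value:"RHSA-2018:2785");
  script_xref(name:"RHSA", value:"RHSA-2018:2846");
  script_xref(name:"RHSA", value:"RHSA-2018:2933");
  script_xref(name:"RHSA", value:"RHSA-2018:2925");
  script_xref(name:"RHSA", value:"RHSA-2018:2924");
  script_xref(name:"RHSA", value:"RHSA-2018:3096");
  script_xref(name:"RHSA", value:"RHSA-2018:3083");
  script_xref(name:"RHSA", value:"RHSA-2018:3459");
  script_xref(name:"RHSA", value:"RHSA-2018:3590");
  script_xref(name:"RHSA", value:"RHSA-2018:3586");
  script_xref(name:"RHSA", value:"RHSA-2018:3540");
  script_xref(name:"DSA", value:"DSA-4272");
  script_xref(name:"USN", value:"USN-3742-2");
  script_xref(name:"USN", value:"USN-3742-1");
  script_xref(name:"USN", value:"USN-3741-2");
  script_xref(name:"USN", value:"USN-3741-1");
  script_xref(name:"USN", value:"USN-3740-2");
  script_xref(name:"USN", value:"USN-3740-1");

  script_name(english:"Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Linux kernel, versions 3.9+, is vulnerable to a denial of service
attack with low rates of specially modified packets targeting IP
fragment re-assembly. An attacker may cause a denial of service
condition by sending specially crafted IP fragments. Various
vulnerabilities in IP fragmentation have been discovered and fixed
over the years. The current vulnerability (CVE-2018-5391) became
exploitable in the Linux kernel with the increase of the IP fragment
reassembly queue size.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Reference links. A "#" comment directly above a www.nessus.org/u? entry
  # records the full URL that the shortened link stands for.
  script_set_attribute(attribute:"see_also", value:"https://www.kb.cert.org/vuls/id/641765");
  # https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fbfb7b03");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4272");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3742-2/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-105-05");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3742-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3741-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3741-1/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3740-2/");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/3740-1/");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041476");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/105108");
  script_set_attribute(attribute:"see_also", value:"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041637");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2791");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2785");
  script_set_attribute(attribute:"see_also", value:"https://security.netapp.com/advisory/ntap-20181003-0002/");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2846");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2933");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2925");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2924");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3096");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3083");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2948");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3459");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3590");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3586");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3540");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/06/28/2");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/07/06/3");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2019/07/06/4");
  # https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a9deb46b");
  # http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?13522391");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf");
  # NOTE(review): the solution text below names RUGGEDCOM ROX II, SIMATIC
  # 1543SP-1 IRC, SINEMA Remote Connect Server and SIMATIC RF 18xC/CI, but this
  # file declares no "cpe" attribute for them. Whether another entry or plugin
  # covers those products is not visible here, so the absence of a finding on
  # such a device should not be read as "patched" - confirm against SSA-377115.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends applying updates, where available:

- RUGGEDCOM RM 1224: Update to v6.1
- RUGGEDCOM ROX II: Update to v2.13.3
- SCALANCE M-800 family: Update to v6.1
- SCALANCE S615: Update to v6.1
- SCALANCE SC-600: Update to v2.0 or later version
- SCALANCE W1700 IEEE 802.11 ac: Update to v2.0
- SCALANCE W700 IEEE 802.11a/b/g/n: Update to v6.4
- SIMATIC CP 1242-7 and 1243-1 (incl. SIPLUS NET variants): Update to v3.2
- SIMATIC CP 1243-7 LTE EU & US: Update to v3.2
- SIMATIC CP 1243-8 IRC: Update to v3.2
- SIMATIC CP 1542SP-1 and 1542SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC 1543SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants): Update to v2.2
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants): Update to v2.1
- SINEMA Remote Connect Server: Update to v2.1

- SIMATIC RF 18xC/CI: Update to v1.3 or later

Siemens has not identified any specific mitigations or workarounds and recommends following their general security
recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with
appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring
the environment according to the Siemens operational guidelines for Industrial Security and following the
recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-377115");
  # Scoring as declared: network-reachable, no authentication or privileges,
  # no confidentiality or integrity impact, availability impact only
  # (A:C in CVSS v2, A:H in CVSS v3.0). Temporal vectors mark the exploit as
  # unproven (E:U) with an official fix available.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5391");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  # CWE-20 matches the "Improper Input Validation" wording in the plugin name.
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Firmware CPEs this plugin is tagged with; the same 15 identifiers are the
  # keys of the version table used by the check logic later in this file.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m-800_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_sc-600_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1700_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w700_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1242-7_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Declared as an information-gathering plugin in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: depends on the Tenable.ot API integration plugin and requires
  # the Tenable.ot/Siemens KB key that the check logic also reads.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}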


include('tenable_ot_cve_funcs.inc');

# Gate: exit unless the 'Tenable.ot/Siemens' KB item is present. The returned
# value is not used; the call only decides whether the check proceeds.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Siemens asset record obtained from the Tenable.ot helper library.
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware, keyed by CPE. "versionEndExcluding" is presumably an
# exclusive upper bound (versions below it are reported); the values match the
# "Update to vX" versions in this plugin's solution text. "family" is presumably
# the Tenable.ot device-family label used for matching. Both are interpreted by
# compare_and_report() in tenable_ot_cve_funcs.inc, which is not shown here, so
# confirm there.
#
# NOTE(review): a match is inferred from the asset's recorded firmware version,
# not from observing the fragment-reassembly behaviour, so treat a finding as
# "firmware below the fixed release". The solution text in this file also names
# RUGGEDCOM ROX II, SIMATIC 1543SP-1 IRC, SINEMA Remote Connect Server and
# SIMATIC RF 18xC/CI, which have no entry below; a clean result for those
# products is not evidence that they are patched.
var vuln_cpes = {
    "cpe:/o:siemens:ruggedcom_rm1224_firmware" : {"versionEndExcluding" : "6.1", "family" : "RuggedCom"},
    "cpe:/o:siemens:scalance_m-800_series_firmware" : {"versionEndExcluding" : "6.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:scalance_s615_firmware" : {"versionEndExcluding" : "6.1", "family" : "SCALANCES"},
    "cpe:/o:siemens:scalance_sc-600_series_firmware" : {"versionEndExcluding" : "2.0", "family" : "SCALANCES"},
    "cpe:/o:siemens:scalance_w1700_series_firmware" : {"versionEndExcluding" : "2.0", "family" : "SCALANCEW"},
    "cpe:/o:siemens:scalance_w700_series_firmware" : {"versionEndExcluding" : "6.4", "family" : "SCALANCEW"},
    "cpe:/o:siemens:simatic_net_cp_1242-7_firmware" : {"versionEndExcluding" : "3.2", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1243-1_firmware" : {"versionEndExcluding" : "3.2", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware" : {"versionEndExcluding" : "3.2", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware" : {"versionEndExcluding" : "3.2", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware" : {"versionEndExcluding" : "3.2", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware" : {"versionEndExcluding" : "2.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware" : {"versionEndExcluding" : "2.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1543-1_firmware" : {"versionEndExcluding" : "2.2", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware" : {"versionEndExcluding" : "2.1", "family" : "S71500"}
};

# Hand the asset and the version table to the shared Tenable.ot comparison
# routine; any match is reported at SECURITY_HOLE severity.
tenable_ot::cve::compare_and_report(
    asset:asset,
    cpes:vuln_cpes,
    severity:SECURITY_HOLE
);

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | simatic_net_cp_1543-1_firmware | | cpe:/o:siemens:simatic_net_cp_1543-1_firmware |
| siemens | simatic_net_cp_1543sp-1_firmware | | cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware |
| siemens | ruggedcom_rm1224_firmware | | cpe:/o:siemens:ruggedcom_rm1224_firmware |
| siemens | scalance_m-800_series_firmware | | cpe:/o:siemens:scalance_m-800_series_firmware |
| siemens | scalance_s615_firmware | | cpe:/o:siemens:scalance_s615_firmware |
| siemens | scalance_sc-600_series_firmware | | cpe:/o:siemens:scalance_sc-600_series_firmware |
| siemens | scalance_w1700_series_firmware | | cpe:/o:siemens:scalance_w1700_series_firmware |
| siemens | scalance_w700_series_firmware | | cpe:/o:siemens:scalance_w700_series_firmware |
| siemens | simatic_net_cp_1242-7_firmware | | cpe:/o:siemens:simatic_net_cp_1242-7_firmware |
| siemens | simatic_net_cp_1243-1_firmware | | cpe:/o:siemens:simatic_net_cp_1243-1_firmware |

Showing rows 1-10 of 151.

References