CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
50.8%
A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500050);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2019-10930");
script_xref(name:"ICSA", value:"19-190-05");
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_name(english:"Siemens SIPROTEC 5 and DIGSI 5 Improper Input Validation (CVE-2019-10930)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in All other SIPROTEC 5 device types with
CPU variants CP300 and CP100 and the respective Ethernet communication modules
(All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC
5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82,
7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,
7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the
respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5
device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types
with CPU variants CP200 and the respective Ethernet communication modules (All
versions). A remote attacker could use specially crafted packets sent to port
443/TCP to upload, download or delete files in certain parts of the file system.
This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends users upgrade to V7.90 where available and apply the following specific mitigations:
SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82,
7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the
respective Ethernet communication modules:
- Update to firmware Version 7.90. Search for âSIPROTEC 5 - DIGSI Device Drivers v7.90â on the Siemens Industry Online
Support site. Firmware Version 7.90 for the communication modules can also be found on each device specific download
page. Applying the update causes the device / module to go through a single restart cycle.
DIGSI 5 engineering software:
- Update to DIGSI 5 v7.90 and activate the client authorization feature.
SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules
- CVE-2019-10931: Update to firmware v7.59. Search for âSIPROTEC 5 - DIGSI Device Drivers v7.59â on the Siemens Industry
Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific
download page. Applying the update causes the device/module to go through a single restart cycle.
SIPROTEC 5 device types 7SS85 and 7KE85:
- Update to Version 8.01 or later. Search for âSIPROTEC 5 - DIGSI Device Driversâ on the Siemens Industry Online Support
site. Applying the update causes the device/module to go through a single restart cycle.
DIGSI 5 engineering software:
- Update to DIGSI 5 v7.90 and activate the client authorization feature.
SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules
- CVE-2019-10931: Update to firmware v7.59. Search for âSIPROTEC 5 - DIGSI Device Drivers v7.59â on the Siemens Industry
Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific
download page. Applying the update causes the device/module to go through a single restart cycle.
All other SIPROTEC 5 device types with CPU variants CP300, CP200, and CP100 and the respective Ethernet communication
modules:
- Block access to Port 443/TCP e.g., with an external firewall.
- Activate role-based access control (RBAC) in the device (supported in SIPROTEC 5 firmware v7.80 and higher).
- Activate the DIGSI 5 connection password in the device (supported in all SIPROTEC 5 firmware versions).
For more information on this vulnerability and associated software updates, please see Siemens security advisory
SSA-899560");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10930");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(434);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md89_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7um85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7vk87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ve85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ss85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ke85_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:siprotec_5_6md85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md89_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7um85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa87_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd87_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl87_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7vk87_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut82_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut86_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut87_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ve85_firmware" :
{"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ss85_firmware" :
{"versionEndExcluding" : "8.01", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ke85_firmware" :
{"versionEndExcluding" : "8.01", "family" : "Siprotec5"},
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
50.8%