nessus
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2019-10931.NASL
Feb 07, 2022 - 12:00 a.m.

Siemens SIPROTEC 5 and DIGSI 5 Improper Input Validation (CVE-2019-10931)

2022-02-07 00:00:00
www.tenable.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 42.6%

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500202);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2019-10931");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Siemens SIPROTEC 5 and DIGSI 5 Improper Input Validation (CVE-2019-10931)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in All other SIPROTEC 5 device types with
CPU variants CP300 and CP100 and the respective Ethernet communication modules
(All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC
5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82,
7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,
7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the
respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5
device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types
with CPU variants CP200 and the respective Ethernet communication modules (All
versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective
Ethernet communication modules (All versions <V7.59). Specially crafted packets
sent to port 443/TCP could cause a Denial of Service condition.  

This plugin only
works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-190-05");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends users upgrade to V7.90 where available and apply the following specific mitigations:

SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82,
7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the
respective Ethernet communication modules:

- Update to firmware Version 7.90. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.90’ on the Siemens Industry Online
Support site. Firmware Version 7.90 for the communication modules can also be found on each device specific download
page. Applying the update causes the device / module to go through a single restart cycle.

DIGSI 5 engineering software:

- Update to DIGSI 5 v7.90 and activate the client authorization feature.

SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules

- CVE-2019-10931: Update to firmware v7.59. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.59’ on the Siemens Industry
Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific
download page. Applying the update causes the device/module to go through a single restart cycle.

SIPROTEC 5 device types 7SS85 and 7KE85:

- Update to Version 8.01 or later. Search for ‘SIPROTEC 5 - DIGSI Device Drivers’ on the Siemens Industry Online Support
site. Applying the update causes the device/module to go through a single restart cycle.

DIGSI 5 engineering software:

- Update to DIGSI 5 v7.90 and activate the client authorization feature.

SIPROTEC 5 with CPU variants CP200 and the respective Ethernet communication modules

- CVE-2019-10931: Update to firmware v7.59. Search for ‘SIPROTEC 5 - DIGSI Device Drivers v7.59’ on the Siemens Industry
Online Support site. The firmware version v7.59 for the communication modules can also be found on each device specific
download page. Applying the update causes the device/module to go through a single restart cycle.

All other SIPROTEC 5 device types with CPU variants CP300, CP200, and CP100 and the respective Ethernet communication
modules:

- Block access to Port 443/TCP e.g., with an external firewall.
- Activate role-based access control (RBAC) in the device (supported in SIPROTEC 5 firmware v7.80 and higher).
- Activate the DIGSI 5 connection password in the device (supported in all SIPROTEC 5 firmware versions).

For more information on this vulnerability and associated software updates, please see Siemens security advisory
SSA-899560");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10931");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md89_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7um85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa87_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd87_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl87_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7vk87_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut82_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut86_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut87_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ve85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ss85_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ke85_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:siprotec_5_6md85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_6md86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_6md89_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7um85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sa87_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sd87_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sl87_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7vk87_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sa82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sa86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sd82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sd86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sl82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sl86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sj82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sj85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sj86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sk82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7sk85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ut82_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ut85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ut86_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ut87_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ve85_firmware" :
        {"versionEndExcluding" : "7.90", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ss85_firmware" :
        {"versionEndExcluding" : "8.01", "family" : "Siprotec5"},
    "cpe:/o:siemens:siprotec_5_7ke85_firmware" :
        {"versionEndExcluding" : "8.01", "family" : "Siprotec5"},
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Vendor | Product | Version | CPE
siemens | siprotec_5_6md85_firmware | | cpe:/o:siemens:siprotec_5_6md85_firmware
siemens | siprotec_5_6md86_firmware | | cpe:/o:siemens:siprotec_5_6md86_firmware
siemens | siprotec_5_6md89_firmware | | cpe:/o:siemens:siprotec_5_6md89_firmware
siemens | siprotec_5_7um85_firmware | | cpe:/o:siemens:siprotec_5_7um85_firmware
siemens | siprotec_5_7sa87_firmware | | cpe:/o:siemens:siprotec_5_7sa87_firmware
siemens | siprotec_5_7sd87_firmware | | cpe:/o:siemens:siprotec_5_7sd87_firmware
siemens | siprotec_5_7sl87_firmware | | cpe:/o:siemens:siprotec_5_7sl87_firmware
siemens | siprotec_5_7vk87_firmware | | cpe:/o:siemens:siprotec_5_7vk87_firmware
siemens | siprotec_5_7sa82_firmware | | cpe:/o:siemens:siprotec_5_7sa82_firmware
siemens | siprotec_5_7sa86_firmware | | cpe:/o:siemens:siprotec_5_7sa86_firmware
