A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501046);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2019-10942");
script_name(english:"Siemens SCALANCE X Switches Insufficient Resource Pool (CVE-2019-10942)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X-200 switch family
(incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT
switch family (incl. SIPLUS NET variants) (All versions < V5.5.0),
SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All
versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA
EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All
versions). The device contains a vulnerability that could allow an
attacker to trigger a denial-of-service condition by sending large
message packages repeatedly to the telnet service. The security
vulnerability could be exploited by an attacker with network access to
the affected systems. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the
vulnerability to compromise availability of the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-225-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has identified the following specific updates, workarounds and mitigations users can apply to reduce the risk:
- SCALANCE X-200 switch family (incl. SIPLUS NET variants): Update to v5.2.5 or later
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): Update to v5.5.0 or later
- Disable telnet service on affected devices. Users should use SSH instead.
- Restrict network access to Port 23/TCP of the device.
Siemens recommends users configure their environment according to SiemensΓ’ΒΒ operational guidelines for industrial
security and follow the recommendations in the product manuals.
Additional information on industrial security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
For more information on the vulnerability and more detailed mitigation instructions, please see Siemens security
advisory SSA-100232");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10942");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-200_series_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-200irt_series_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-204rna_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_x-204rna_firmware" :
{"family" : "SCALANCEX200", "orderNumbers" : ["6GK5204-0BA00-2MB2","6GK5204-0BA00-2KB2","6GK5204-0BS00-2NA3","6GK5204-0BS00-3LA3","6GK5204-0BS00-3PA3"]},
"cpe:/o:siemens:scalance_x-200irt_series_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x-200_series_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_x-200_series_firmware | cpe:/o:siemens:scalance_x-200_series_firmware | |
siemens | scalance_x-200irt_series_firmware | cpe:/o:siemens:scalance_x-200irt_series_firmware | |
siemens | scalance_x-204rna_firmware | cpe:/o:siemens:scalance_x-204rna_firmware |