nessus
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2019-18336.NASL
Feb 07, 2022 - 12:00 a.m.

Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet Uncontrolled Resource Consumption (CVE-2019-18336)

www.tenable.com

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: COMPLETE

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH

EPSS: 0.001 Low (Percentile: 42.6%)

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500360);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2019-18336");

  script_name(english:"Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet Uncontrolled Resource Consumption (CVE-2019-18336)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All
versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK
840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port
102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the
system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No
user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability
was known.  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more
information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-070-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends the following mitigations for affected users:

- SIMATIC S7-300 CPU family: Update to Version 3.X.17

- SIMATIC TDC CP1M1: Update to v1.1.8
- SIMATIC TDC CPU555: Update to v1.1.1
- SINUMERIK 840D sl: Update to v4.8.6 (Software can be obtained from your local Siemens account manager)
- SINUMERIK 840D sl: Update to v4.94 (Software can be obtained from your local Siemens account manager)

Siemens has identified the following specific workarounds and mitigations users can apply:

- Make sure that access to Port 102/TCP is restricted (e.g., with an external firewall).

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the
environment according to Siemens' operational guidelines for industrial security and follow the recommendations in the
product manuals.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information see Siemens security advisory SSA-508982");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18336");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_313_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_314_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_315_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_tdc_cp51m1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_tdc_cpu555_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_s7-300_cpu_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_313_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_313_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_313_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_313_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware" :
        {"versionEndExcluding" : "3.0.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware:3.1" :
        {"versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware:3.2" :
        {"versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware:3.3" :
        {"versionStartIncluding" : "3.3.0", "versionEndExcluding" : "3.3.17", "family" : "S7300"},
    "cpe:/o:siemens:simatic_tdc_cp51m1_firmware" :
        {"versionEndExcluding" : "1.1.8", "family" : "TDCCP51m1"},
    "cpe:/o:siemens:simatic_tdc_cpu555_firmware" :
        {"versionEndExcluding" : "1.1.1", "family" : "TDCCPU555"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Vendor   Product                               Version  CPE
siemens  simatic_s7-300_cpu_firmware           -        cpe:/o:siemens:simatic_s7-300_cpu_firmware
siemens  simatic_s7-300_cpu_312_ifm_firmware   -        cpe:/o:siemens:simatic_s7-300_cpu_312_ifm_firmware
siemens  simatic_s7-300_cpu_313_firmware       -        cpe:/o:siemens:simatic_s7-300_cpu_313_firmware
siemens  simatic_s7-300_cpu_314_firmware       -        cpe:/o:siemens:simatic_s7-300_cpu_314_firmware
siemens  simatic_s7-300_cpu_314_ifm_firmware   -        cpe:/o:siemens:simatic_s7-300_cpu_314_ifm_firmware
siemens  simatic_s7-300_cpu_315_firmware       -        cpe:/o:siemens:simatic_s7-300_cpu_315_firmware
siemens  simatic_s7-300_cpu_315-2_dp_firmware  -        cpe:/o:siemens:simatic_s7-300_cpu_315-2_dp_firmware
siemens  simatic_s7-300_cpu_316-2_dp_firmware  -        cpe:/o:siemens:simatic_s7-300_cpu_316-2_dp_firmware
siemens  simatic_s7-300_cpu_318-2_firmware     -        cpe:/o:siemens:simatic_s7-300_cpu_318-2_firmware
siemens  simatic_tdc_cp51m1_firmware           -        cpe:/o:siemens:simatic_tdc_cp51m1_firmware
