Source: nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
File: TENABLE_OT_SIEMENS_CVE-2020-25226.NASL
History: Jan 25, 2023 - 12:00 a.m.

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-25226)


AI Score: 9.7 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 56.6%)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500740);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2020-25226");

  script_name(english:"Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-25226)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X-200 switch family
(incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT
switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The
web server of the affected devices contains a vulnerability that may
lead to a buffer overflow condition. An attacker could cause this
condition on the webserver by sending a specially crafted request. The
webserver could stop and not recover anymore.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-012-05");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest version(s). Siemens
recommends countermeasures where fixes are not currently available.

- SCALANCE X-200 switch family (incl. SIPLUS NET variants): Update to v5.2.5 or later

- SCALANCE X-300 switch family: Update to v4.1.0 or later
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): Update to v5.5.0 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Limit network traffic of web servers of SCALANCE X switches to trusted connections by firewall rules (Port 443/TCP).

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in
the product manuals. For additional information, please refer to Siemens Security Advisory SSA-139628");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25226");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(122);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

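# Exit unless the 'Tenable.ot/Siemens' KB key is set.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Asset record for the Siemens device being evaluated.
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware CPEs, each with its exclusive upper version bound:
# 5.2.5 for the SCALANCE X-200 family, 5.5.0 for the X-200IRT family.
var vuln_cpes = {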
    "cpe:/o:siemens:scalance_x204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208pro_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"}
};

# Check the asset against the CPE map above and report with SECURITY_HOLE severity.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_x204-2_firmware | | cpe:/o:siemens:scalance_x204-2_firmware |
| siemens | scalance_x204-2fm_firmware | | cpe:/o:siemens:scalance_x204-2fm_firmware |
| siemens | scalance_x204-2ld_firmware | | cpe:/o:siemens:scalance_x204-2ld_firmware |
| siemens | scalance_x204-2ld_ts_firmware | | cpe:/o:siemens:scalance_x204-2ld_ts_firmware |
| siemens | scalance_x204-2ts_firmware | | cpe:/o:siemens:scalance_x204-2ts_firmware |
| siemens | scalance_x206-1_firmware | | cpe:/o:siemens:scalance_x206-1_firmware |
| siemens | scalance_x206-1ld_firmware | | cpe:/o:siemens:scalance_x206-1ld_firmware |
| siemens | scalance_x208_firmware | | cpe:/o:siemens:scalance_x208_firmware |
| siemens | scalance_x208pro_firmware | | cpe:/o:siemens:scalance_x208pro_firmware |
| siemens | scalance_x212-2_firmware | | cpe:/o:siemens:scalance_x212-2_firmware |