Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2020-25242.NASL
HistoryMay 02, 2023 - 12:00 a.m.

Siemens SIMATIC NET CP343-1 Uncontrolled Resource Consumption (CVE-2020-25242)

2023-05-0200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501100);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2020-25242");

  script_name(english:"Siemens SIMATIC NET CP343-1 Uncontrolled Resource Consumption (CVE-2020-25242)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced
(incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean
(incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard
(incl. SIPLUS variants) (All versions). Specially crafted packets sent
to TCP port 102 could cause a Denial-of-Service condition on the
affected devices. A cold restart might be necessary in order to
recover.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-07");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Limit access to TCP Port 102 on affected devices to specific IP addresses (e.g., with a firewall).

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the
environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the
product manual.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this issue, please see Siemens security advisory SSA-676775");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25242");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_343-1_advanced_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_343-1_lean_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_343-1_standard_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_net_cp_343-1_advanced_firmware" :
        {"family" : "S7300"},
    "cpe:/o:siemens:simatic_net_cp_343-1_lean_firmware" :
        {"family" : "S7300"},
    "cpe:/o:siemens:simatic_net_cp_343-1_standard_firmware" :
        {"family" : "S7300"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemenssimatic_net_cp_343-1_advanced_firmwarecpe:/o:siemens:simatic_net_cp_343-1_advanced_firmware
siemenssimatic_net_cp_343-1_lean_firmwarecpe:/o:siemens:simatic_net_cp_343-1_lean_firmware
siemenssimatic_net_cp_343-1_standard_firmwarecpe:/o:siemens:simatic_net_cp_343-1_standard_firmware

Related

ics 1
prion 1
cvelist 1
cve 1
ics
ics
Siemens SIMATIC NET CP343-1
2021-05-11 12:00:00
prion
prion
Design/Logic Flaw
2021-05-12 14:15:00
cvelist
cvelist
CVE-2020-25242
2021-05-12 13:18:22
cve
cve
CVE-2020-25242
2021-05-12 14:15:00
JSON
Related for TENABLE_OT_SIEMENS_CVE-2020-25242.NASL
ics1prion1cvelist1cve1