Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2020-27827.NASL
HistoryMay 02, 2023 - 12:00 a.m.

Siemens Industrial Products LLDP Uncontrolled Resource Consumption (CVE-2020-27827)

2023-05-0200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501104);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");

  script_cve_id("CVE-2020-27827");
  script_xref(name:"FEDORA", value:"FEDORA-2023-88991d2713");
  script_xref(name:"FEDORA", value:"FEDORA-2023-c0c184a019");
  script_xref(name:"FEDORA", value:"FEDORA-2023-3e4feeadec");

  script_name(english:"Siemens Industrial Products LLDP Uncontrolled Resource Consumption (CVE-2020-27827)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A flaw was found in multiple versions of OpenvSwitch. Specially
crafted LLDP packets can cause memory to be lost when allocating data
to handle specific optional TLVs, potentially causing a denial of
service. The highest threat from this vulnerability is to system
availability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1921438");
  # https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3b388ce3");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07bb5e91");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8cd78877");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c22f2553");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for the following products:

- SIMATIC HMI Unified Comfort Panels: Update to v17 or later
- TIM 1531 IRC (incl. SIPLUS NET variants): Update to v2.2 or later
- SIMATIC NET CP 1545-1: Update to v1.1 or later

- SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): Update to v3.3.46 or later
- SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Update to v3.3.46 or later

- SIMATIC CP 1243-1 (incl. SIPLUS variants) (6GK7243-1BX30-0XE0): Update to v3.3.46 or later
- SIMATIC NET CP 1243-8 IRC (6GK7243-8RX30-0XE0): Update to v3.3.46 or later
- SINUMERIK ONE MCP: Update to v2.0.1 or later. Please contact a Siemens representative for information on how to obtain
the update.
- SIMATIC NET CP 1543-1: Update to v3.0 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Disable LLDP protocol support on Ethernet port. This will potentially disrupt the network visibility.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens Operational Guidelines for Industrial Security and following the recommendations in the
product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

Please see Siemens Security Advisory SSA-941426 for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27827");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cp_1545-1_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_net_cp_1243-1_firmware:-" :
        {"versionEndExcluding" : "3.3.46", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware:-" :
        {"versionEndExcluding" : "3.3.46", "family" : "S71200"},
    "cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware:-" :
        {"versionEndExcluding" : "2.2.28", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-" :
        {"versionEndExcluding" : "2.2.28", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1543-1_firmware:-" :
        {"versionEndExcluding" : "3.0", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware:-" :
        {"versionEndExcluding" : "2.2.28", "family" : "S71500"},
    "cpe:/o:siemens:simatic_net_cp_1545-1_firmware:-" :
        {"versionEndExcluding" : "1.1", "family" : "S71500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemenssimatic_net_cp_1243-1_firmware-cpe:/o:siemens:simatic_net_cp_1243-1_firmware:-
siemenssimatic_net_cp_1243-8_irc_firmware-cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware:-
siemenssimatic_net_cp_1542sp-1_firmware-cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware:-
siemenssimatic_net_cp_1542sp-1_irc_firmware-cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-
siemenssimatic_net_cp_1543-1_firmware-cpe:/o:siemens:simatic_net_cp_1543-1_firmware:-
siemenssimatic_net_cp_1543sp-1_firmware-cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware:-
siemenssimatic_net_cp_1545-1_firmware-cpe:/o:siemens:simatic_net_cp_1545-1_firmware:-

Related

photon 8
nessus 29
cve 1
openvas 17
suse 1
veracode 1
redhat 10
debiancve 1
alpinelinux 1
osv 5
cbl_mariner 3
redhatcve 1
archlinux 2
prion 1
ubuntucve 1
fedora 5
debian 4
ubuntu 1
ics 1
gentoo 1
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0381
2021-04-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0335
2021-04-07 00:00:00
Important Photon OS Security Update - PHSA-2021-0335
2021-04-07 00:00:00
nessus
nessus
SUSE SLES12 Security Update : openvswitch (SUSE-SU-2021:0297-1)
2021-02-04 00:00:00
openSUSE Security Update : openvswitch (openSUSE-2021-239)
2021-02-08 00:00:00
RHEL 8 : Red Hat Virtualization Host security, update (4.4.4-2) (Moderate) (RHSA-2021:0976)
2021-03-24 00:00:00
cve
cve
CVE-2020-27827
2021-03-18 17:15:00
openvas
openvas
openSUSE: Security Advisory for openvswitch (openSUSE-SU-2021:0239-1)
2021-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0277-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0297-1)
2021-04-19 00:00:00
suse
suse
Security update for openvswitch (important)
2021-02-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-01-14 16:37:28
redhat
redhat
(RHSA-2021:0976) Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2)
2021-03-23 18:36:22
(RHSA-2021:1051) Moderate: RHV-H enhancement and security update (redhat-virtualization-host) 4.3.14
2021-03-31 12:24:54
(RHSA-2021:1050) Moderate: openvswitch2.11 security update
2021-03-31 12:24:44
debiancve
debiancve
CVE-2020-27827
2021-03-18 17:15:00
alpinelinux
alpinelinux
CVE-2020-27827
2021-03-18 17:15:00
osv
osv
CVE-2020-27827
2021-03-18 17:15:13
lldpd - security update
2023-04-10 00:00:00
openvswitch vulnerabilities
2021-01-13 17:15:51
cbl_mariner
cbl_mariner
CVE-2020-27827 affecting package openvswitch 2.12.0-3
2021-05-06 23:56:49
CVE-2020-27827 affecting package lldpd for versions less than 1.0.14-1
2022-08-31 06:17:55
CVE-2020-27827 affecting package lldpd 1.0.4-3
2024-05-10 15:59:04
redhatcve
redhatcve
CVE-2020-27827
2021-01-28 02:24:31
archlinux
archlinux
[ASA-202101-29] lldpd: information disclosure
2021-01-20 00:00:00
[ASA-202101-28] openvswitch: multiple issues
2021-01-20 00:00:00
prion
prion
Denial of service
2021-03-18 17:15:00
ubuntucve
ubuntucve
CVE-2020-27827
2021-01-13 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: lldpd-1.0.16-1.fc36
2023-04-20 05:24:35
[SECURITY] Fedora 38 Update: lldpd-1.0.16-1.fc38
2023-04-19 01:40:28
[SECURITY] Fedora 37 Update: lldpd-1.0.16-1.fc37
2023-04-20 02:54:39
debian
debian
[SECURITY] [DSA 4836-1] openvswitch security update
2021-01-22 18:52:36
[SECURITY] [DLA 3389-1] lldpd security update
2023-04-12 15:18:24
[SECURITY] [DLA 3388-1] lldpd security update
2023-04-10 17:00:25
ubuntu
ubuntu
Open vSwitch vulnerabilities
2021-01-13 00:00:00
ics
ics
Siemens Industrial Products LLDP (Update D)
2022-08-18 12:00:00
gentoo
gentoo
Open vSwitch: Multiple Vulnerabilities
2023-11-26 00:00:00
JSON
Related for TENABLE_OT_SIEMENS_CVE-2020-27827.NASL
photon8nessus29cve1openvas17suse1veracode1redhat10debiancve1alpinelinux1osv5cbl_mariner3redhatcve1archlinux2prion1ubuntucve1fedora5debian4ubuntu1ics1gentoo1