nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2020-28393.NASL
Mar 27, 2023 - 12:00 a.m.

Siemens SCALANCE XM-400 and XR-500 Devices Incorrect Calculation (CVE-2020-28393)

2023-03-27 00:00:00
www.tenable.com
siemens
scalance
xm-400
xr-500
vulnerability
denial-of-service
ospf
firmware

EPSS: 0.002 (Low), percentile 61.5%

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets.
Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500900);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2020-28393");

  script_name(english:"Siemens SCALANCE XM-400 and XR-500 Devices Incorrect Calculation (CVE-2020-28393)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An unauthenticated remote attacker could create a permanent denial-of-
service condition by sending specially crafted OSPF packets.
Successful exploitation requires OSPF to be enabled on an affected
device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends applying updates where available:

- SCALANCE XM-400 Family: Update to v6.4 or later
- SCALANCE XR-500 Family: Update to v6.4 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Disable OSPF in layer 3 configuration menu (note OSPF is disabled by default). This vulnerability is not exploitable,
when OSPF is disabled.
- If OSPF is used, set a password for the OSPF interface and enable MD5 authentication.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in
the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-116379");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-28393");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(682);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm-400_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr-500_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_xm-400_series_firmware" :
        {"versionEndExcluding" : "6.4", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xr500_series_firmware" :
        {"versionEndExcluding" : "6.4", "family" : "SCALANCEX500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Vendor | Product | Version | CPE
siemens | scalance_xm-400_series_firmware | - | cpe:/o:siemens:scalance_xm-400_series_firmware
siemens | scalance_xr-500_series_firmware | - | cpe:/o:siemens:scalance_xr-500_series_firmware
