Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2020-28400.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Siemens PROFINET Devices Allocation of Resources Without Limits or Throttling (CVE-2020-28400)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.3%
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500533);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2020-28400");
script_name(english:"Siemens PROFINET Devices Allocation of Resources Without Limits or Throttling (CVE-2020-28400)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Affected devices contain a vulnerability that allows an
unauthenticated attacker to trigger a denial-of-service condition. The
vulnerability can be triggered if a large amount of DCP reset packets
are sent to the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf");
script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has provided remediations for the following affected products:
- SCALANCE X300 switch family: Update to v4.1.4.3 or later version
- SCALANCE X408 (incl. SIPLUS Net variants): Update to v4.1.4.3 or later version
- SCALANCE W-1700 family: Update to v3.0.0 or later version
- SIMATIC NET CM 1542-1, All versions prior to v3.0: Update to v3.0 or later version
- SCALANCE X204-2 (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X204-2FM, All versions: Update to v5.2.5 or later version
- SCALANCE X204-2LD (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X204-2LD TS, All versions: Update to v5.2.5 or later version
- SCALANCE X204 -2TS, All versions: Update to v5.2.5 or later version
- SCALANCE X206-1, All versions: Update to v5.2.5 or later version
- SCALANCE X206-1LD (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X208 (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X208PRO, All versions: Update to v5.2.5 or later version
- SCALANCE X212-2, All versions: Update to v5.2.5 or later version
- SCALANCE X212-2LD, All versions: Update to v5.2.5 or later version
- SCALANCE X216, All versions: Update to v5.2.5 or later version
- SCALANCE X224, All versions: Update to v5.2.5 or later version
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: Update to v4.7or later version
- SCALANCE XR-300WG, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XB-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XP-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XC-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XF-200BA, All versions prior to v4.3: Update to v4.3 or later version
- RUGGEDCOM RM1224, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE M-800, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE S615, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE X200-4 P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X201-3P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X201-3P IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2P IRT (incl. SIPLUS NET variant), All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2P IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X204 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X204 IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF201-3P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF202-2P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF204 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF204-2BA IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XM400, All versions prior to v6.3.1: Update to v6.3.1 or later version
- SCALANCE XR500, All versions prior to v6.3.1: Update to v6.3.1 or later version
- SIMATIC MV500 family, All versions prior to v3.0: Update to v3.0 or later version
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants), All versions prior to v4.5: Update to v4.5 or later version
- SIMOCODE proV Ethernet/IP, All versions prior to v1.1.3: Update to v1.1.3 or later version
- SIMOCODE proV PROFINET, All versions prior to v2.1.3: Update to v2.1.3 or later version
Siemens has also identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Block incoming PROFINET Discovery and Configuration Protocol (PCP) packets (Ethertype 0x8892, Frame-ID: 0xfefe) from
untrusted networks.
- Disable PROFINET in products, where PROFINET is optional and not used in the environment.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in
the product manuals.
Additional information on Industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity
For more information about this vulnerability and the associated remediations, please see Siemens publication number
SSA-599968");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-28400");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(770);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m-800_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1700_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w700_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4_p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x302-7eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x304-2fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x306-1ldfe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-2eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh%2b_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-3ldfe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb-200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc-200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf-200ba_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm400_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp-200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr-300wg_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_net_cm_1542-1_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:ruggedcom_rm1224_firmware" :
{"versionEndExcluding" : "6.4", "family" : "RuggedCom"},
"cpe:/o:siemens:scalance_m-800_firmware" :
{"versionEndExcluding" : "6.4", "family" : "SCALANCEM"},
"cpe:/o:siemens:scalance_s615_firmware" :
{"versionEndExcluding" : "6.4", "family" : "SCALANCES"},
"cpe:/o:siemens:scalance_w700_firmware" :
{"family" : "SCALANCEW"},
"cpe:/o:siemens:scalance_w1700_firmware" :
{"family" : "SCALANCEW"},
"cpe:/o:siemens:scalance_x200-4_p_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204_irt_pro_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204-2_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2fm_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ts_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1ld_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208pro_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2ld_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x216_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x224_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x302-7eec_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x304-2fe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x306-1ldfe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-2eec_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-3_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-3ld_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2ld_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2lh_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2lh%2b_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m_poe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m_ts_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x310_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x310fe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x320-1fe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x320-3ldfe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xb-200_firmware" :
{"versionEndExcluding" : "4.3", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xc-200_firmware" :
{"versionEndExcluding" : "4.3", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204-2_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
{"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf206-1_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf208_firmware" :
{"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf-200ba_firmware" :
{"versionEndExcluding" : "4.3", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xm400_firmware" :
{"versionEndExcluding" : "6.3.1", "family" : "SCALANCEX400"},
"cpe:/o:siemens:scalance_xp-200_firmware" :
{"versionEndExcluding" : "4.3", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xr324-4m_eec_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-4m_poe_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-12m_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-12m_ts_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr500_firmware" :
{"versionEndExcluding" : "6.3.1", "family" : "SCALANCEX500"},
"cpe:/o:siemens:scalance_xr-300wg_firmware" :
{"versionEndExcluding" : "4.3", "family" : "SCALANCEX300"},
"cpe:/o:siemens:simatic_s7-1200_firmware" :
{"versionEndExcluding" : "4.5", "family" : "S71200"},
"cpe:/o:siemens:simatic_net_cm_1542-1_firmware" :
{"versionEndExcluding" : "3.0", "family" : "S71500"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_xc-200_firmware | cpe:/o:siemens:scalance_xc-200_firmware | |
| siemens | scalance_xf-200ba_firmware | cpe:/o:siemens:scalance_xf-200ba_firmware | |
| siemens | scalance_xf201-3p_irt_firmware | cpe:/o:siemens:scalance_xf201-3p_irt_firmware | |
| siemens | scalance_xf202-2p_irt_firmware | cpe:/o:siemens:scalance_xf202-2p_irt_firmware | |
| siemens | scalance_xf204-2_firmware | cpe:/o:siemens:scalance_xf204-2_firmware | |
| siemens | scalance_xf204-2ba_irt_firmware | cpe:/o:siemens:scalance_xf204-2ba_irt_firmware | |
| siemens | scalance_xf204_firmware | cpe:/o:siemens:scalance_xf204_firmware | |
| siemens | scalance_xf204_irt_firmware | cpe:/o:siemens:scalance_xf204_irt_firmware | |
| siemens | scalance_xf206-1_firmware | cpe:/o:siemens:scalance_xf206-1_firmware | |
| siemens | scalance_xf208_firmware | cpe:/o:siemens:scalance_xf208_firmware |
Related
prion
prion
Race condition
2021-07-13 11:15:00
cve
cve
CVE-2020-28400
2021-07-13 11:15:08
ics
ics
Siemens PROFINET Devices (Update D)
2022-04-14 12:00:00
cvelist
cvelist
CVE-2020-28400
2021-07-13 11:02:49
nvd
nvd
CVE-2020-28400
2021-07-13 11:15:08
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.3%
Related for TENABLE_OT_SIEMENS_CVE-2020-28400.NASL