nessus
TENABLE_OT_SIEMENS_CVE-2020-35198.NASL
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Apr 26, 2023 - 12:00 a.m.

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)

www.tenable.com

AI Score: 9.8 High (Confidence: High)

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
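
The size calculation described above, as an added example that is not Wind River's code and not part of the plugin: it models a 32-bit allocator size type to show how an unchecked `nmemb * size` wraps to a small value, next to a checked version that rejects the request. The type name `rtos_size_t`, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a 32-bit size type, as found on many RTOS targets. */
typedef uint32_t rtos_size_t;

/* Flawed calculation: the product is reduced modulo 2^32 with no check,
 * so the allocator would reserve far less than the caller expects. */
rtos_size_t unchecked_block_size(rtos_size_t nmemb, rtos_size_t size)
{
    return nmemb * size;
}

/* Checked calculation: returns 1 and stores the product in *out,
 * or returns 0 (leaving *out untouched) when nmemb * size does not fit. */
int checked_block_size(rtos_size_t nmemb, rtos_size_t size, rtos_size_t *out)
{
    if (size != 0 && nmemb > UINT32_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* calloc-style wrapper that fails closed instead of under-allocating. */
void *safe_calloc(rtos_size_t nmemb, rtos_size_t size)
{
    rtos_size_t total;
    if (!checked_block_size(nmemb, size, &total))
        return NULL;
    void *p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed request: 0x40000001 elements of 4 bytes each. */
    rtos_size_t nmemb = 0x40000001u, size = 4u;

    printf("requested elements : %u x %u bytes\n", (unsigned)nmemb, (unsigned)size);
    printf("unchecked size     : %u bytes\n",
           (unsigned)unchecked_block_size(nmemb, size));
    printf("safe_calloc result : %s\n",
           safe_calloc(nmemb, size) == NULL ? "rejected (overflow)" : "allocated");
    return 0;
}
```
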

SCALANCE X-200, X-200IRT, and X-300 Switch Families are affected by this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501078);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");

  script_cve_id("CVE-2020-35198");

  script_name(english:"Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered in Wind River VxWorks 7. The memory allocator
has a possible integer overflow in calculating a memory block's size
to be allocated by calloc(). As a result, the actual memory allocated
is smaller than the buffer size specified by the arguments, leading to
memory corruption.

SCALANCE X-200, X-200IRT, and X-300 Switch Families are affected by
this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://cert-portal.siemens.com/productcert/html/ssa-813746.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3be53ac");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04");
  # https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4af41997");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2022.html");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

- Amazon FreeRTOS – Update available
- Apache Nuttx OS Version 9.1.0 – Update available
- ARM CMSIS-RTOS2 – Update in progress, expected in June
- ARM Mbed OS – Update available
- ARM mbed-ualloc – no longer supported and no fix will be issued
- Blackberry QNX 6.5.0SP1 – Update available. See public advisory
- Blackberry QNX OS for Safety 1.0.2 – Update available. See public advisory
- Blackberry QNX OS for Medical 1.1.1 – Update available. See public advisory
- Cesanta Software mongooses – Update available 
- eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer – Update available
- Google Cloud IoT Device SDK – Update available
- Media Tek LinkIt SDK – MediaTek will provide the update to users. No fix for free version, as it is not intended for
production use.
- Micrium OS: Update to v5.10.2 or later – Update available
- Micrium uCOS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 – Update available
- NXP MCUXpresso SDK – Update to 2.9.0 or later 
- NXP MQX – update to 5.1 or newer
- Redhat newlib – Update available
- RIOT OS – Update available
- Samsung Tizen RT RTOS – Update available
- TencentOS-tiny – Update available
- Texas Instruments CC32XX – Update to v4.40.00.07
- Texas Instruments SimpleLink CC13X0 – Update to v4.10.03
- Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00
- Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00
- Texas Instruments SimpleLink MSP432E4 – Confirmed. No update currently planned
- uClibc-ng – Update available
- Windriver VxWorks – Update in progress

- Windriver VxWorks – Update in progress 
    - The following devices use Windriver VxWorks as their RTOS: 
        - Hitachi Energy GMS600 – See public advisory.
        - Hitachi Energy PWC600 – See public advisory.
        - Hitachi Energy REB500 – See public advisory.
        - Hitachi Energy Relion 670, 650 series and SAM600-IO – See public advisory
        - Hitachi Energy RTU500 series CMU – Updates available for some firmware versions – See public advisory.
        - Hitachi Energy Modular Switchgear Monitoring System MSM – Protect your network – See public advisory.

- Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security
advisory for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-35198");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(190);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x302-7_eec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x304-2fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x306-1ld_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-2_eec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh+_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_poe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1-2ld_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_eec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_x308-2_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x200-4p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204-2" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x206-1" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208pro" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x302-7_eec" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x304-2fe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x306-1ld_fe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x307-2_eec" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x307-3" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x307-3ld" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2ld" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2lh" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2lh+" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m_poe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m_ts" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x310" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x310fe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x320-1_fe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x320-1-2ld_fe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x408-2" :
        {"family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xf201-3p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf206-1" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xr324-12m" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_xr324-12m_ts" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_xr324-4m_eec" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_xr324-4m_poe" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_xr324-4m_poe_ts" :
        {"family" : "SCALANCEX300"},
    "cpe:/o:siemens:siplus_net_scalance_x202-2p_irt" :
        {"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:siplus_net_scalance_x308-2" :
        {"family" : "SCALANCEX300"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | scalance_x200-4p_irt_firmware | | cpe:/o:siemens:scalance_x200-4p_irt_firmware |
| siemens | scalance_x201-3p_irt_firmware | | cpe:/o:siemens:scalance_x201-3p_irt_firmware |
| siemens | scalance_x201-3p_irt_pro_firmware | | cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware |
| siemens | scalance_x202-2irt_firmware | | cpe:/o:siemens:scalance_x202-2irt_firmware |
| siemens | scalance_x202-2p_irt_firmware | | cpe:/o:siemens:scalance_x202-2p_irt_firmware |
| siemens | scalance_x202-2p_irt_pro_firmware | | cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware |
| siemens | scalance_x204-2_firmware | | cpe:/o:siemens:scalance_x204-2_firmware |
| siemens | scalance_x204-2fm_firmware | | cpe:/o:siemens:scalance_x204-2fm_firmware |
| siemens | scalance_x204-2ld_firmware | | cpe:/o:siemens:scalance_x204-2ld_firmware |
| siemens | scalance_x204-2ld_ts_firmware | | cpe:/o:siemens:scalance_x204-2ld_ts_firmware |
