An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block’s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
SCALANCE X-200, X-200IRT, and X-300 Switch Families are affected by this vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501078);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");
script_cve_id("CVE-2020-35198");
script_name(english:"Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An issue was discovered in Wind River VxWorks 7. The memory allocator
has a possible integer overflow in calculating a memory block's size
to be allocated by calloc(). As a result, the actual memory allocated
is smaller than the buffer size specified by the arguments, leading to
memory corruption.
SCALANCE X-200, X-200IRT, and X-300 Switch Families are affected by
this vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://cert-portal.siemens.com/productcert/html/ssa-813746.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3be53ac");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04");
# https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4af41997");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2022.html");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
- Amazon FreeRTOS â Update available
- Apache Nuttx OS Version 9.1.0 â Update available
- ARM CMSIS-RTOS2 â Update in progress, expected in June
- ARM Mbed OS â Update available
- ARM mbed-ualloc â no longer supported and no fix will be issued
- Blackberry QNX 6.5.0SP1 â Update available. See public advisory
- Blackberry QNX OS for Safety 1.0.2 â Update available. See public advisory
- Blackberry QNX OS for Medical 1.1.1 â Update available. See public advisory
- Cesanta Software mongooses â Update available
- eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer â Update available
- Google Cloud IoT Device SDK â Update available
- Media Tek LinkIt SDK â MediaTek will provide the update to users. No fix for free version, as it is not intended for
production use.
- Micrium OS: Update to v5.10.2 or later â Update available
- Micrium uCOS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 â Update available
- NXP MCUXpresso SDK â Update to 2.9.0 or later
- NXP MQX â update to 5.1 or newer
- Redhat newlib â Update available
- RIOT OS â Update available
- Samsung Tizen RT RTOS â Update available
- TencentOS-tiny â Update available
- Texas Instruments CC32XX â Update to v4.40.00.07
- Texas Instruments SimpleLink CC13X0 â Update to v4.10.03
- Texas Instruments SimpleLink CC13X2-CC26X2 â Update to v4.40.00
- Texas Instruments SimpleLink CC2640R2 â Update to v4.40.00
- Texas Instruments SimpleLink MSP432E4 â Confirmed. No update currently planned
- uClibc-ng â Update available
- Windriver VxWorks â Update in progress
- Windriver VxWorks â Update in progress
- The following devices use Windriver VxWorks as their RTOS:
- Hitachi Energy GMS600 â See public advisory.
- Hitachi Energy PWC600 â See public advisory.
- Hitachi Energy REB500 â See public advisory.
- Hitachi Energy Relion 670, 650 series and SAM600-IO â See public advisory
- Hitachi Energy RTU500 series CMU â Updates available for some firmware versions â See public advisory.
- Hitachi Energy Modular Switchgear Monitoring System MSM â Protect your network â See public advisory.
- Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security
advisory for more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-35198");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(190);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/12");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x302-7_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x304-2fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x306-1ld_fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-2_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh+_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1_fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1-2ld_fe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-12m_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_x202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_x308-2_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_x200-4p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_pro" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_pro" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204-2" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2fm" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_ts" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ts" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204irt_pro" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x206-1" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1ld" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208pro" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2ld" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x216" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x224" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x302-7_eec" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x304-2fe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x306-1ld_fe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-2_eec" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-3" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x307-3ld" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2ld" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2lh" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2lh+" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m_poe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x308-2m_ts" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x310" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x310fe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x320-1_fe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x320-1-2ld_fe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x408-2" :
{"family" : "SCALANCEX400"},
"cpe:/o:siemens:scalance_xf201-3p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf202-2p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2ba_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf206-1" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf208" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xr324-12m" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-12m_ts" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-4m_eec" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-4m_poe" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_xr324-4m_poe_ts" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:siplus_net_scalance_x202-2p_irt" :
{"versionEndExcluding" : "5.5.2", "family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:siplus_net_scalance_x308-2" :
{"family" : "SCALANCEX300"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_x200-4p_irt_firmware | cpe:/o:siemens:scalance_x200-4p_irt_firmware | |
siemens | scalance_x201-3p_irt_firmware | cpe:/o:siemens:scalance_x201-3p_irt_firmware | |
siemens | scalance_x201-3p_irt_pro_firmware | cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware | |
siemens | scalance_x202-2irt_firmware | cpe:/o:siemens:scalance_x202-2irt_firmware | |
siemens | scalance_x202-2p_irt_firmware | cpe:/o:siemens:scalance_x202-2p_irt_firmware | |
siemens | scalance_x202-2p_irt_pro_firmware | cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware | |
siemens | scalance_x204-2_firmware | cpe:/o:siemens:scalance_x204-2_firmware | |
siemens | scalance_x204-2fm_firmware | cpe:/o:siemens:scalance_x204-2fm_firmware | |
siemens | scalance_x204-2ld_firmware | cpe:/o:siemens:scalance_x204-2ld_firmware | |
siemens | scalance_x204-2ld_ts_firmware | cpe:/o:siemens:scalance_x204-2ld_ts_firmware |