Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-24040.NASL
HistoryJan 25, 2023 - 12:00 a.m.

Siemens Desigo PXC and DXR Devices Uncontrolled Resource Consumption (CVE-2022-24040)

2023-01-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
vulnerability identification
uncontrolled resource consumption
desigo dxr2
desigo pxc3
desigo pxc4
web application
pbkdf2 derived key
denial of service
tenable.ot
scanner

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500785);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-24040");

  script_name(english:"Siemens Desigo PXC and DXR Devices Uncontrolled Resource Consumption (CVE-2022-24040)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo DXR2 (All versions <
V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo
PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions <
V02.20.142.10-10884). The web application fails to enforce an upper
bound to the cost factor of the PBKDF2 derived key during the creation
or update of an account. An attacker with the user profile access
privilege could cause a denial of service (DoS) condition through CPU
consumption by setting a PBKDF2 derived key with a remarkably high
cost effort and then attempting a login to the so-modified account.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-10");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends updating to the latest software version:

- Desigo DXR2: Update to v01.21.142.5-22 or later 
- Desigo PXC3: Update to v01.21.142.4-18 or later 
- Desigo PXC4: Update to v02.20.142.10-10884 or later 
- Desigo PXC5: Update to v02.20.142.10-10884 or later

Contact Siemens for update information.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
operational guidelines for industrial security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-626968

For additional information, please refer to Siemens Security Advisory SSA-662649");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24040");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_dxr2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc5_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:desigo_pxc5_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc4_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc3_firmware" :
        {"versionEndExcluding" : "01.21.142.4-18", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_dxr2_firmware" :
        {"versionEndExcluding" : "01.21.142.5-22", "family" : "Desigo"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensdesigo_dxr2_firmwarecpe:/o:siemens:desigo_dxr2_firmware
siemensdesigo_pxc3_firmwarecpe:/o:siemens:desigo_pxc3_firmware
siemensdesigo_pxc4_firmwarecpe:/o:siemens:desigo_pxc4_firmware
siemensdesigo_pxc5_firmwarecpe:/o:siemens:desigo_pxc5_firmware

Related

nvd 1
prion 1
cve 1
cvelist 1
ics 1
nvd
nvd
CVE-2022-24040
2022-05-10 11:15:08
prion
prion
Input validation
2022-05-10 11:15:00
cve
cve
CVE-2022-24040
2022-05-10 11:15:08
cvelist
cvelist
CVE-2022-24040
2022-05-10 09:46:48
ics
ics
Siemens Desigo PXC and DXR Devices (Update A)
2022-06-16 12:00:00

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-24040.NASL
nvd1prion1cve1cvelist1ics1