Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-24041.NASL
HistoryJan 25, 2023 - 12:00 a.m.

Siemens Desigo PXC and DXR Devices Use of Password Hash with Insufficient Computational Effort (CVE-2022-24041)

2023-01-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
siemens desigo
password hash
insufficient computational effort
cve-2022-24041
web application
offline cracking
tenable.ot

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500771);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-24041");

  script_name(english:"Siemens Desigo PXC and DXR Devices Use of Password Hash with Insufficient Computational Effort (CVE-2022-24041)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo DXR2 (All versions <
V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo
PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions <
V02.20.142.10-10884). The web application stores the PBKDF2 derived
key of users passwords with a low iteration count. An attacker with
user profile access privilege can retrieve the stored password hashes
of other accounts and then successfully perform an offline cracking
attack and recover the plaintext passwords of other users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-10");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends updating to the latest software version:

- Desigo DXR2: Update to v01.21.142.5-22 or later 
- Desigo PXC3: Update to v01.21.142.4-18 or later 
- Desigo PXC4: Update to v02.20.142.10-10884 or later 
- Desigo PXC5: Update to v02.20.142.10-10884 or later

Contact Siemens for update information.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
operational guidelines for industrial security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-626968

For additional information, please refer to Siemens Security Advisory SSA-662649");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24041");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(916);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_dxr2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc5_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:desigo_pxc5_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc4_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc3_firmware" :
        {"versionEndExcluding" : "01.21.142.4-18", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_dxr2_firmware" :
        {"versionEndExcluding" : "01.21.142.5-22", "family" : "Desigo"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensdesigo_dxr2_firmwarecpe:/o:siemens:desigo_dxr2_firmware
siemensdesigo_pxc3_firmwarecpe:/o:siemens:desigo_pxc3_firmware
siemensdesigo_pxc4_firmwarecpe:/o:siemens:desigo_pxc4_firmware
siemensdesigo_pxc5_firmwarecpe:/o:siemens:desigo_pxc5_firmware

Related

nvd 1
cve 1
prion 1
cvelist 1
ics 1
nvd
nvd
CVE-2022-24041
2022-05-10 11:15:08
cve
cve
CVE-2022-24041
2022-05-10 11:15:08
prion
prion
Default credentials
2022-05-10 11:15:00
cvelist
cvelist
CVE-2022-24041
2022-05-10 09:46:49
ics
ics
Siemens Desigo PXC and DXR Devices (Update A)
2022-06-16 12:00:00

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-24041.NASL
nvd1cve1prion1cvelist1ics1