Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-24045.NASL
HistoryJan 25, 2023 - 12:00 a.m.

Siemens Desigo PXC and DXR Devices Sensitive Cookie in Https Session Without Secure Attribute (CVE-2022-24045)

2023-01-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
siemens desigo
pxc3
pxc4
pxc5
dxr2
sensitive cookie
https session
secure attribute
cve-2022-24045
tenable.ot
vulnerability

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as Secure, HttpOnly, or SameSite). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500743);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-24045");

  script_name(english:"Siemens Desigo PXC and DXR Devices Sensitive Cookie in Https Session Without Secure Attribute (CVE-2022-24045)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo DXR2 (All versions <
V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo
PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions <
V02.20.142.10-10884). The application, after a successful login, sets
the session cookie on the browser via client-side JavaScript code,
without applying any security attributes (such as Secure,
HttpOnly, or SameSite). Any attempts to browse the application via
unencrypted HTTP protocol would lead to the transmission of all
his/her session cookies in plaintext through the network. An attacker
could then be able to sniff the network and capture sensitive
information.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-10");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends updating to the latest software version:

- Desigo DXR2: Update to v01.21.142.5-22 or later 
- Desigo PXC3: Update to v01.21.142.4-18 or later 
- Desigo PXC4: Update to v02.20.142.10-10884 or later 
- Desigo PXC5: Update to v02.20.142.10-10884 or later

Contact Siemens for update information.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
operational guidelines for industrial security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-626968

For additional information, please refer to Siemens Security Advisory SSA-662649");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24045");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(311);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_dxr2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc5_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:desigo_dxr2_firmware" :
        {"versionEndExcluding" : "01.21.142.5-22", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc3_firmware" :
        {"versionEndExcluding" : "01.21.142.4-18", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc4_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
    "cpe:/o:siemens:desigo_pxc5_firmware" :
        {"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensdesigo_dxr2_firmwarecpe:/o:siemens:desigo_dxr2_firmware
siemensdesigo_pxc3_firmwarecpe:/o:siemens:desigo_pxc3_firmware
siemensdesigo_pxc4_firmwarecpe:/o:siemens:desigo_pxc4_firmware
siemensdesigo_pxc5_firmwarecpe:/o:siemens:desigo_pxc5_firmware

Related

prion 1
cve 1
nvd 1
cvelist 1
cnvd 1
ics 1
prion
prion
Information disclosure
2022-05-20 13:15:00
cve
cve
CVE-2022-24045
2022-05-20 13:15:14
nvd
nvd
CVE-2022-24045
2022-05-20 13:15:14
cvelist
cvelist
CVE-2022-24045
2022-05-10 09:46:56
cnvd
cnvd
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37374)
2022-05-11 00:00:00
ics
ics
Siemens Desigo PXC and DXR Devices (Update A)
2022-06-16 12:00:00

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-24045.NASL
prion1cve1nvd1cvelist1cnvd1ics1