7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.6%
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute- force session ids and hijack existing sessions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500678);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-26647");
script_name(english:"Siemens SCALANCE X Switch Devices Use of Insufficiently Random Values (CVE-2022-26647)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X200-4P IRT (All
versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT
(All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P
IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions),
SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions),
SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All
versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P
IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6),
SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All
versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6),
SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All
versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All
versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All
versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6),
SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions
< V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD
(All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6),
SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All
versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All
versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE
XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions),
SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions <
V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of
affected devices calculates session ids and nonces in an insecure
manner. This could allow an unauthenticated remote attacker to brute-
force session ids and hijack existing sessions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends updating to the latest version of its software if available:
- The products listed are only affected up to v5.2.6. Update to v5.2.6 or later
Siemens has identified the following specific workarounds and mitigations that customers can implement to reduce
exploitation risk:
- Restrict access to the affected systems, especially on port 80/TCP and port 443/TCP, to trusted IP addresses
- Deactivate the webserver if not required and if deactivation is supported by the product
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensΓ’ΒΒ
Operational Guidelines for Industrial Security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information see Siemens Security Advisory SSA-310038.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26647");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(330);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2fm_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ts_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x206-1_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_pro_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x216_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x224_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf206-1_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf208_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_xf202-2p_irt_firmware | cpe:/o:siemens:scalance_xf202-2p_irt_firmware | |
siemens | scalance_x204-2ld_ts_firmware | cpe:/o:siemens:scalance_x204-2ld_ts_firmware | |
siemens | scalance_x224_firmware | cpe:/o:siemens:scalance_x224_firmware | |
siemens | scalance_xf204-2ba_irt_firmware | cpe:/o:siemens:scalance_xf204-2ba_irt_firmware | |
siemens | scalance_x206-1_firmware | cpe:/o:siemens:scalance_x206-1_firmware | |
siemens | scalance_x208_pro_firmware | cpe:/o:siemens:scalance_x208_pro_firmware | |
siemens | scalance_xf206-1_firmware | cpe:/o:siemens:scalance_xf206-1_firmware | |
siemens | scalance_x204-2ts_firmware | cpe:/o:siemens:scalance_x204-2ts_firmware | |
siemens | scalance_x204irt_firmware | cpe:/o:siemens:scalance_x204irt_firmware | |
siemens | scalance_x206-1ld_firmware | cpe:/o:siemens:scalance_x206-1ld_firmware |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.6%