Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-26648.NASL
HistoryJul 21, 2022 - 12:00 a.m.

Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)

2022-07-2100:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests.
This could allow an unauthenticated remote attacker to crash affected devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500676);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2022-26648");

  script_name(english:"Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X200-4P IRT (All
versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT
(All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P
IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions),
SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions),
SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All
versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P
IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6),
SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All
versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6),
SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All
versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All
versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All
versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6),
SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions
< V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD
(All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6),
SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All
versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All
versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE
XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions),
SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions <
V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do
not properly validate the GET parameter XNo of incoming HTTP requests.
This could allow an unauthenticated remote attacker to crash affected
devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends updating to the latest version of its software if available:

- The products listed are only affected up to v5.2.6. Update to v5.2.6 or later

Siemens has identified the following specific workarounds and mitigations that customers can implement to reduce
exploitation risk:

- Restrict access to the affected systems, especially on port 80/TCP and port 443/TCP, to trusted IP addresses
- Deactivate the webserver if not required and if deactivation is supported by the product

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
Operational Guidelines for Industrial Security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see Siemens Security Advisory SSA-310038.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26648");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(120);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x204-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_pro_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf206-1_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt_firmware" :
        {"family" : "SCALANCEX200IRT"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemensscalance_x200-4p_irt_firmwarecpe:/o:siemens:scalance_x200-4p_irt_firmware
siemensscalance_x201-3p_irt_firmwarecpe:/o:siemens:scalance_x201-3p_irt_firmware
siemensscalance_x201-3p_irt_pro_firmwarecpe:/o:siemens:scalance_x201-3p_irt_pro_firmware
siemensscalance_x202-2irt_firmwarecpe:/o:siemens:scalance_x202-2irt_firmware
siemensscalance_x202-2p_irt_firmwarecpe:/o:siemens:scalance_x202-2p_irt_firmware
siemensscalance_x202-2p_irt_pro_firmwarecpe:/o:siemens:scalance_x202-2p_irt_pro_firmware
siemensscalance_x204-2_firmwarecpe:/o:siemens:scalance_x204-2_firmware
siemensscalance_x204-2fm_firmwarecpe:/o:siemens:scalance_x204-2fm_firmware
siemensscalance_x204-2ld_firmwarecpe:/o:siemens:scalance_x204-2ld_firmware
siemensscalance_x204-2ld_ts_firmwarecpe:/o:siemens:scalance_x204-2ld_ts_firmware
Rows per page:
1-10 of 291

Related

cvelist 1
prion 1
nvd 1
cve 1
ics 1
cvelist
cvelist
CVE-2022-26648
2022-07-12 10:06:34
prion
prion
Design/Logic Flaw
2022-07-12 10:15:00
nvd
nvd
CVE-2022-26648
2022-07-12 10:15:10
cve
cve
CVE-2022-26648
2022-07-12 10:15:10
ics
ics
Siemens SCALANCE X Switch Devices
2022-07-14 12:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-26648.NASL
cvelist1prion1nvd1cve1ics1