7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
8.2 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.9%
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests.
This could allow an unauthenticated remote attacker to crash affected devices.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500676);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2022-26648");
script_name(english:"Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X200-4P IRT (All
versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT
(All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P
IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions),
SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions),
SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All
versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P
IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6),
SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All
versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6),
SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All
versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All
versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All
versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6),
SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions
< V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD
(All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6),
SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All
versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All
versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE
XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions),
SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions <
V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do
not properly validate the GET parameter XNo of incoming HTTP requests.
This could allow an unauthenticated remote attacker to crash affected
devices.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-01");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends updating to the latest version of its software if available:
- The products listed are only affected up to v5.2.6. Update to v5.2.6 or later
Siemens has identified the following specific workarounds and mitigations that customers can implement to reduce
exploitation risk:
- Restrict access to the affected systems, especially on port 80/TCP and port 443/TCP, to trusted IP addresses
- Deactivate the webserver if not required and if deactivation is supported by the product
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensΓ’ΒΒ
Operational Guidelines for Industrial Security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information see Siemens Security Advisory SSA-310038.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26648");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_x204-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2fm_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ts_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_pro_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2ld_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x216_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x224_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf206-1_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf208_firmware" :
{"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204irt_firmware" :
{"family" : "SCALANCEX200IRT"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_x200-4p_irt_firmware | cpe:/o:siemens:scalance_x200-4p_irt_firmware | |
siemens | scalance_x201-3p_irt_firmware | cpe:/o:siemens:scalance_x201-3p_irt_firmware | |
siemens | scalance_x201-3p_irt_pro_firmware | cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware | |
siemens | scalance_x202-2irt_firmware | cpe:/o:siemens:scalance_x202-2irt_firmware | |
siemens | scalance_x202-2p_irt_firmware | cpe:/o:siemens:scalance_x202-2p_irt_firmware | |
siemens | scalance_x202-2p_irt_pro_firmware | cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware | |
siemens | scalance_x204-2_firmware | cpe:/o:siemens:scalance_x204-2_firmware | |
siemens | scalance_x204-2fm_firmware | cpe:/o:siemens:scalance_x204-2fm_firmware | |
siemens | scalance_x204-2ld_firmware | cpe:/o:siemens:scalance_x204-2ld_firmware | |
siemens | scalance_x204-2ld_ts_firmware | cpe:/o:siemens:scalance_x204-2ld_ts_firmware |
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
8.2 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.9%