Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-26649.NASL
HistoryJul 21, 2022 - 12:00 a.m.

Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26649)

2022-07-2100:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500677);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2022-26649");

  script_name(english:"Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26649)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X200-4P IRT (All
versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT
(All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P
IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions),
SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions),
SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All
versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P
IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6),
SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All
versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6),
SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All
versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All
versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All
versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6),
SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions
< V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD
(All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6),
SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All
versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All
versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE
XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions),
SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions <
V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do
not properly validate the URI of incoming HTTP GET requests. This
could allow an unauthenticated remote attacker to crash affected
devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends updating to the latest version of its software if available:

- The products listed are only affected up to v5.2.6. Update to v5.2.6 or later

Siemens has identified the following specific workarounds and mitigations that customers can implement to reduce
exploitation risk:

- Restrict access to the affected systems, especially on port 80/TCP and port 443/TCP, to trusted IP addresses
- Deactivate the webserver if not required and if deactivation is supported by the product

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
Operational Guidelines for Industrial Security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see Siemens Security Advisory SSA-310038.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26649");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(120);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x204-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_pro_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf206-1_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208_firmware" :
        {"versionEndExcluding" : "5.2.6", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
        {"family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt_firmware" :
        {"family" : "SCALANCEX200IRT"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemensscalance_xf202-2p_irt_firmwarecpe:/o:siemens:scalance_xf202-2p_irt_firmware
siemensscalance_x204-2ld_ts_firmwarecpe:/o:siemens:scalance_x204-2ld_ts_firmware
siemensscalance_x224_firmwarecpe:/o:siemens:scalance_x224_firmware
siemensscalance_xf204-2ba_irt_firmwarecpe:/o:siemens:scalance_xf204-2ba_irt_firmware
siemensscalance_x206-1_firmwarecpe:/o:siemens:scalance_x206-1_firmware
siemensscalance_x208_pro_firmwarecpe:/o:siemens:scalance_x208_pro_firmware
siemensscalance_xf206-1_firmwarecpe:/o:siemens:scalance_xf206-1_firmware
siemensscalance_x204-2ts_firmwarecpe:/o:siemens:scalance_x204-2ts_firmware
siemensscalance_x204irt_firmwarecpe:/o:siemens:scalance_x204irt_firmware
siemensscalance_x206-1ld_firmwarecpe:/o:siemens:scalance_x206-1ld_firmware
Rows per page:
1-10 of 291

Related

cvelist 1
prion 1
nvd 1
cve 1
ics 1
cvelist
cvelist
CVE-2022-26649
2022-07-12 10:06:35
prion
prion
Design/Logic Flaw
2022-07-12 10:15:00
nvd
nvd
CVE-2022-26649
2022-07-12 10:15:10
cve
cve
CVE-2022-26649
2022-07-12 10:15:10
ics
ics
Siemens SCALANCE X Switch Devices
2022-07-14 12:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

9.6 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-26649.NASL
cvelist1prion1nvd1cve1ics1