Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-30694.NASL
HistoryDec 16, 2022 - 12:00 a.m.

Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

2022-12-1600:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
siemens industrial controllers
web server
login page
csrf
cve-2022-30694
origin checking
tenable.ot
vulnerability
updates
workarounds

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500715);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/16");

  script_cve_id("CVE-2022-30694");

  script_name(english:"Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The login endpoint /FormLogin in affected web services does not apply
proper origin checking. This could allow authenticated remote
attackers to track the activities of other users via a login cross-
site request forgery attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for the following products and recommends updating to the latest versions: 

- SIMATIC Drive Controller Family: Update to V3.0.1 or later. 

- SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0): Update to V3.3.19 or later.
- SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0): Update to V3.2.19 or later. 

- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Update to V3.0.1 or later.
- SIMATIC S7-PLCSIM Advanced: Update to V5.0 or later. 

- SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0): Update to V3.2.19 or later.
- SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0): Update to V3.3.19 or later.
- SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0): Update to V3.2.19 or later.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Do not access the product’s web service via URLs coming from untrusted sources.
- Disable the web server if possible.
- SIMATIC PC Station (Specifically): Disable the web server. Note that this feature is disabled by default.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’
Operational Guidelines for Industrial Security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For further inquiries on security vulnerabilities in Siemens products and solutions, users should contact Siemens
ProductCERT.

For more information see Siemens Security Advisory SSA-478960 in HTML or CSAF.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-30694");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1151-8ab01-7ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1151-8fb01-2ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1314-6eh04-7ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1315-2eh14-7ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1315-2fj14-2ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1317-2ek14-7ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6ag1317-2fk14-2ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7151-8ab01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7151-8fb01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7154-8ab01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7154-8fb01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7154-8fx00-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7314-6eh04-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7315-2eh14-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7315-2fj14-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7315-7tj10-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7317-2ek14-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7317-2fk14-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7317-7tk10-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7317-7ul10-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7318-3el01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6es7318-3fl01-0ab0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1214fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1215fc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1507s_f_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1507s_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1508s_f_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1508s_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1510sp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1512c_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_151511c-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_151511f-1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_dp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_dp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_dp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518t-4_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_15pro-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_15prof-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513pro-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513prof-2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_pn%2fdp_v6_firmware:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_pn%2fdp_v7_firmware:7.0");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:6es7154-8fb01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200"},
    "cpe:/o:siemens:6es7154-8ab01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200"},
    "cpe:/o:siemens:6es7154-8fx00-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200"},
    "cpe:/o:siemens:6es7151-8ab01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200SP"},
    "cpe:/o:siemens:6es7151-8fb01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200SP"},
    "cpe:/o:siemens:6es7314-6eh04-0ab0_firmware" :
        {"versionEndExcluding" : "3.3.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7315-2eh14-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7315-2fj14-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7315-7tj10-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7317-2ek14-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7317-2fk14-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7317-7tk10-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7317-7ul10-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7318-3el01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6es7318-3fl01-0ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6ag1151-8ab01-7ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200SP"},
    "cpe:/o:siemens:6ag1151-8fb01-2ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "ET200SP"},
    "cpe:/o:siemens:6ag1314-6eh04-7ab0_firmware" :
        {"versionEndExcluding" : "3.3.19", "family" : "S7300"},
    "cpe:/o:siemens:6ag1315-2eh14-7ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6ag1315-2fj14-2ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6ag1317-2ek14-7ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:6ag1317-2fk14-2ab0_firmware" :
        {"versionEndExcluding" : "3.2.19", "family" : "S7300"},
    "cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7615-4DF10-0AB0"]},
    "cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7615-7DF10-0AB0"]},
    "cpe:/o:siemens:simatic_s7-400_pn%2fdp_v6_firmware:6.0" :
        {"versionStartIncluding" : "6.0", "versionEndIncluding" : "6.x", "family" : "S7400"},
    "cpe:/o:siemens:simatic_s7-400_pn%2fdp_v7_firmware:7.0" :
        {"versionStartIncluding" : "7.0", "versionEndIncluding" : "7.x", "family" : "S7400"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1507s_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1507s_f_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1508s_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1508s_f_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1510sp_f-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7510-1SJ00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1510sp_f-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7510-1SJ01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7510-1DJ00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7510-1DJ01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7511-1AK00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7511-1AK01-0AB0", "6ES7511-1AK02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7511-1CK00-0AB0", "6ES7511-1CK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7511-1FK00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7511-1CK00-0AB0", "6ES7511-1FK02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7511-1TK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7511-1UK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1512c-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7512-1CK00-0AB0", "6ES7512-1CK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1512sp-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7512-1DK00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1512sp-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7512-1DK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1512spf-1_pn_firmware" :
        { "family" : "S71500", "orderNumbers" : ["6ES7512-1SK00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1512spf-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7512-1SK01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7513-1AL00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7513-1AL01-0AB0", "6ES7513-1AL02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7513-1FL00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7513-1FL01-0AB0", "(6ES7513-1FL02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7513-1RL00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7515-2AM00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7515-2AM01-0AB0", "6ES7515-2AM02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7515-2FM00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7515-2FM01-0AB0", "6ES7515-2FM02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7515-2RM00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7515-2TM01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7515-2UM01-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn%2fdp_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7516-3AN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7516-3AN01-0AB0", "6ES7516-3AN02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_pn%2fdp_firmware" :
        {"family" : "S71500", "orderNumbers" : ["6ES7516-3FN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7516-3FN01-0AB0", "6ES7516-3FN02-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7516-2GN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware:-" :
        {"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7516-2PN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7516-3TN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7516-3UN00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7517-3AP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7517-3FP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_151h-3_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7517-3HP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1517t-3_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7517-3TP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7517-3UP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4AP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4AX00-1AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4FP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4FX00-1AB"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518hf-4_pn_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["(6ES7518-4JP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518t-4_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4TP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518tf-4_pn%2fdp_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4UP00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_odk_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4AP00-3AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_odk_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4FP00-3AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513pro-2_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7513-2GL00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1500_cpu_1513prof-2_firmware:-" :
        {"versionEndExcluding" : "3.0.1", "family" : "S71500", "orderNumbers" : ["6ES7513-2PL00-0AB0"]},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1214fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1215fc_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware:-" :
        {"versionEndExcluding" : "4.6.0", "family" : "S71200"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemenssimatic_s7-1500_cpu_1517-3_dp_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_dp_firmware:-
siemenssimatic_s7-1500_cpu_1518-4_pn%2fdp_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_firmware:-
siemenssimatic_s7-1500_cpu_1515r-2_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:-
siemenssimatic_s7-1200_cpu_12_1212fc_firmware-cpe:/o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:-
siemenssimatic_s7-400_pn%2fdp_v7_firmware7.0cpe:/o:siemens:simatic_s7-400_pn%2fdp_v7_firmware:7.0
siemenssimatic_drive_controller_cpu_1504d_tf_firmware-cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-
siemenssimatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware:-
siemenssimatic_s7-1500_cpu_1518_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1518_firmware:-
siemenssimatic_s7-1500_cpu_1511c-1_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:-
siemenssimatic_s7-1500_cpu_1512c_firmware-cpe:/o:siemens:simatic_s7-1500_cpu_1512c_firmware:-
Rows per page:
1-10 of 1081

Related

cvelist 1
ics 1
nvd 1
cve 1
prion 1
cnvd 1
cvelist
cvelist
CVE-2022-30694
2022-11-08 00:00:00
ics
ics
Siemens Web Server Login Page of Industrial Controllers (Update A)
2023-01-13 12:00:00
nvd
nvd
CVE-2022-30694
2022-11-08 11:15:10
cve
cve
CVE-2022-30694
2022-11-08 11:15:10
prion
prion
Cross site request forgery (csrf)
2022-11-08 11:15:00
cnvd
cnvd
Cross-site request forgery vulnerability in multiple Siemens products
2022-11-09 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.5%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-30694.NASL
cvelist1ics1nvd1cve1prion1cnvd1