Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-36361.NASLHistorySep 21, 2023 - 12:00 a.m.
Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)
2023-09-2100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
siemens logo! 8
buffer overflow
tcp packets
cybersecurity and infrastructure security agency
industrial security
vulnerability mitigation
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.002
Percentile
54.7%
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501661);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2022-36361");
script_xref(name:"ICSA", value:"22-286-13");
script_name(english:"Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS
variants) (All versions). Affected devices do not properly validate
the structure of TCP packets in several methods. This could allow an
attacker to cause buffer overflows, get control over the instruction
counter and run custom code.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens is preparing updates and recommends specific countermeasures for products where updates are not yet available:
- Only for versions prior to V8.3: Restrict access to port 10005/TCP to only trusted IP addresses.
- Only for versions including and since V8.3: Restrict access to port 8443/TCP to only trusted IP addresses.
- Restrict access to port 135/TCP to trusted IP addresses only.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens' operational guidelines for industrial security and following the recommendations in
the product manuals.
Siemens has provided additional information on industrial security.
For more information, see the associated Siemens Security Advisory SSA-955858 in HTML or CSAF formats.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-36361");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:logo%218_bm_fs-05_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:logo%21_8_bm_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:logo%21_8_bm_firmware" :
{"family" : "LOGO!BM"},
"cpe:/o:siemens:logo%218_bm_fs-05_firmware" :
{"family" : "LOGO!BM"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Related
cve
cve
CVE-2022-36361
2022-10-11 11:15:10
cnvd
cnvd
Siemens LOGO! 8 BM Buffer Overflow Vulnerability (CNVD-2022-89767)
2022-10-13 00:00:00
cvelist
cvelist
CVE-2022-36361
2022-10-11 00:00:00
nvd
nvd
CVE-2022-36361
2022-10-11 11:15:10
prion
prion
Buffer overflow
2022-10-11 11:15:00
ics
ics
Siemens LOGO! 8 BM Devices
2022-10-13 12:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.002
Percentile
54.7%
Related for TENABLE_OT_SIEMENS_CVE-2022-36361.NASL