Lucene search

HistorySep 21, 2023 - 12:00 a.m.

Siemens LOGO! 8 BM Devices Improper Input Validation (CVE-2022-36362)

2023-09-2100:00:00

www.tenable.com

siemens

logo! 8 bm

improper input validation

cve-2022-36362

tenable

asset

vulnerability

remote

ip address

manipulation

unauthenticated

attack

power cycling

tenable.ot

cisa

ics

advisory

port restriction

industrial security

mechanisms

network access

security advisory

exploit

publication date

cpe

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501664);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2022-36362");
  script_xref(name:"ICSA", value:"22-286-13");

  script_name(english:"Siemens LOGO! 8 BM Devices Improper Input Validation (CVE-2022-36362)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS
variants) (All versions). Affected devices do not conduct certain
validations when interacting with them. This could allow an
unauthenticated remote attacker to manipulate the devices IP address,
which means the device would not be reachable and could only be
recovered by power cycling the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-13");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens is preparing updates and recommends specific countermeasures for products where updates are not yet available:

- Only for versions prior to V8.3: Restrict access to port 10005/TCP to only trusted IP addresses.
- Only for versions including and since V8.3: Restrict access to port 8443/TCP to only trusted IP addresses.
- Restrict access to port 135/TCP to trusted IP addresses only.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens' operational guidelines for industrial security and following the recommendations in
the product manuals.

Siemens has provided additional information on industrial security. 

For more information, see the associated Siemens Security Advisory SSA-955858 in HTML or CSAF formats.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-36362");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:logo%218_bm_fs-05_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:logo%21_8_bm_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:logo%21_8_bm_firmware" :
        {"family" : "LOGO!BM"},
    "cpe:/o:siemens:logo%218_bm_fs-05_firmware" :
        {"family" : "LOGO!BM"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36362

cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf

www.cisa.gov/news-events/ics-advisories/icsa-22-286-13

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

59.4%

JSON

Related for TENABLE_OT_SIEMENS_CVE-2022-36362.NASL