Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-40226.NASL
HistoryMay 09, 2023 - 12:00 a.m.

Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)

2023-05-0900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
siemens sicam p850
siemens sicam p855
session fixation
vulnerability
cve-2022-40226
user defined session cookies
login/logout
attacker
cyber incidents
security updates
cisa
icsa-22-286-09
resilient protection measures
network access protection
grid reliability
ot asset

AI Score

8

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user’s session after login.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501121);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-40226");

  script_name(english:"Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SICAM P850 (All versions <
V3.10), SICAM P855 (All versions < V3.10). Affected devices accept
user defined session cookies and do not renew the session cookie after
login/logout. This could allow an attacker to take over another user's
session after login.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-09");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for the affected products and recommends updating to the latest versions: 

- SICAM P850 devices: Update to v3.10 or later
- SICAM P855 devices: Update to v3.10 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Avoid accessing links from untrusted sources while logged in to SICAM P850 or SICAM P855 devices

Siemens recommends operators check for appropriate resilient protection measures; the risk of cyber incidents impacting
the grid's reliability can be minimized by virtue of the grid design.

Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented
procedures made available with the product. If supported by the product, an automated application of security updates
across multiple product instances may be used. Siemens strongly recommends users to validate any security update before
application; Siemens recommends the update process be supervised by trained staff in the target environment.

As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms, such
as firewalls, network segmentation, or use of virtual private networks (VPNs). It is advised to configure the
environment according to Siemens’ operational guidelines to run the devices in a protected IT environment.

For additional resources, users should review Siemens’ security guidelines.

For more information, see Siemens Security Advisory SSA-572005 in HTML or CSAF.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40226");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(384);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa00-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa00-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa10-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa10-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa30-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8500-0aa30-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa01-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa01-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa02-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa02-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa11-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa11-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa12-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa12-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa31-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa31-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa32-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8501-0aa32-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa00-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa00-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa10-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa10-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa30-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8550-0aa30-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa01-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa01-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa02-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa02-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa11-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa11-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa12-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa12-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa31-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa31-2aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa32-0aa0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:7kg8551-0aa32-2aa0_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:7kg8500-0aa00-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8500-0aa00-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8500-0aa10-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8500-0aa10-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8500-0aa30-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8500-0aa30-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa01-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa01-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa02-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa02-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa11-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa11-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa12-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa12-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa31-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa31-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa32-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8501-0aa32-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP850"},
    "cpe:/o:siemens:7kg8550-0aa00-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8550-0aa00-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8550-0aa10-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8550-0aa10-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8550-0aa30-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8550-0aa30-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa01-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa01-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa02-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa02-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa11-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa11-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa12-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa12-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa31-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa31-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa32-0aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"},
    "cpe:/o:siemens:7kg8551-0aa32-2aa0_firmware" :
        {"versionEndExcluding" : "3.10", "family" : "SicamP855"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Related

prion 1
cve 1
cnvd 1
nvd 1
cvelist 1
ics 1
prion
prion
Design/Logic Flaw
2022-10-11 11:15:00
cve
cve
CVE-2022-40226
2022-10-11 11:15:10
cnvd
cnvd
Multiple Siemens Products Access Control Error Vulnerabilities
2022-10-13 00:00:00
nvd
nvd
CVE-2022-40226
2022-10-11 11:15:10
cvelist
cvelist
CVE-2022-40226
2022-10-11 00:00:00
ics
ics
Siemens SICAM P850 and P855 Devices (Update A)
2022-12-15 12:00:00

AI Score

8

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-40226.NASL
prion1cve1cnvd1nvd1cvelist1ics1