Source: Nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Plugin file: TENABLE_OT_SIEMENS_CVE-2022-40631.NASL
Published: Jan 25, 2023 - 12:00 a.m.

Siemens SCALANCE X-200 and X-200IRT Families Improper Neutralization of Input During Web Page Generation (CVE-2022-40631)

www.tenable.com
Tags: siemens, scalance x-200, x-200irt, cross-site scripting, vulnerability, input neutralization, web page generation, cve-2022-40631, tenable.ot, session hijacking, threat actor, security scanner

EPSS: 0.001 (Low), Percentile: 31.5%

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices that, if used by a threat actor, could result in session hijacking.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500778);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2022-40631");

  script_name(english:"Siemens SCALANCE X-200 and X-200IRT Families Improper Neutralization of Input During Web Page Generation (CVE-2022-40631)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X200-4P IRT (All
versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0),
SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT
(All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0),
SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All
versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5),
SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All
versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5),
SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All
versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE
X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions <
V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2
(All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5),
SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions <
V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE
XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions <
V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA
IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions <
V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All
versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions <
V5.5.0). There is a cross-site scripting vulnerability on the affected
devices, that if used by a threat actor, it could result in session
hijacking.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-15");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for the affected products and recommends users to update to the latest versions:

- SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): Update to V5.5.0 or later
- SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): Update to V5.5.0 or later
- SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): Update to V5.5.0 or later
- SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): Update to V5.5.0 or later
- SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): Update to V5.5.0 or later
- SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6): Update to V5.5.0 or later
- SCALANCE X204-2 (6GK5204-2BB10-2AA3): Update to V5.2.5 or later
- SCALANCE X204-2FM (6GK5204-2BB11-2AA3): Update to V5.2.5 or later
- SCALANCE X204-2LD (6GK5204-2BC10-2AA3): Update to V5.2.5 or later
- SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2): Update to V5.2.5 or later
- SCALANCE X204-2TS (6GK5204-2BB10-2CA2): Update to V5.2.5 or later
- SCALANCE X204IRT (6GK5204-0BA00-2BA3): Update to V5.5.0 or later
- SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6): Update to V5.5.0 or later
- SCALANCE X206-1 (6GK5206-1BB10-2AA3): Update to V5.2.5 or later
- SCALANCE X206-1LD (6GK5206-1BC10-2AA3): Update to V5.2.5 or later
- SCALANCE X208 (6GK5208-0BA10-2AA3): Update to V5.2.5 or later
- SCALANCE X208PRO (6GK5208-0HA10-2AA6): Update to V5.2.5 or later
- SCALANCE X212-2 (6GK5212-2BB00-2AA3): Update to V5.2.5 or later
- SCALANCE X212-2LD (6GK5212-2BC00-2AA3): Update to V5.2.5 or later
- SCALANCE X216 (6GK5216-0BA00-2AA3): Update to V5.2.5 or later
- SCALANCE X224 (6GK5224-0BA00-2AA3): Update to V5.2.5 or later
- SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2): Update to V5.5.0 or later
- SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2): Update to V5.5.0 or later
- SCALANCE XF204 (6GK5204-0BA00-2AF2): Update to V5.2.5 or later
- SCALANCE XF204-2 (6GK5204-2BC00-2AF2): Update to V5.2.5 or later
- SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2): Update to V5.5.0 or later
- SCALANCE XF204IRT (6GK5204-0BA00-2BF2): Update to V5.5.0 or later
- SCALANCE XF206-1 (6GK5206-1BC00-2AF2): Update to V5.2.5 or later
- SCALANCE XF208 (6GK5208-0BA00-2AF2): Update to V5.2.5 or later
- SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3): Update to V5.5.0 or later

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens'
operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage 

For more information, see Siemens Security Advisory SSA-501891 in HTML or CSAF formats.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40631");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208pro_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:siplus_net_scalance_x202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | scalance_x200-4p_irt_firmware | | cpe:/o:siemens:scalance_x200-4p_irt_firmware |
| siemens | scalance_x201-3p_irt_firmware | | cpe:/o:siemens:scalance_x201-3p_irt_firmware |
| siemens | scalance_x201-3p_irt_pro_firmware | | cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware |
| siemens | scalance_x202-2irt_firmware | | cpe:/o:siemens:scalance_x202-2irt_firmware |
| siemens | scalance_x202-2p_irt_firmware | | cpe:/o:siemens:scalance_x202-2p_irt_firmware |
| siemens | scalance_x202-2p_irt_pro_firmware | | cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware |
| siemens | scalance_x204-2_firmware | | cpe:/o:siemens:scalance_x204-2_firmware |
| siemens | scalance_x204-2fm_firmware | | cpe:/o:siemens:scalance_x204-2fm_firmware |
| siemens | scalance_x204-2ld_firmware | | cpe:/o:siemens:scalance_x204-2ld_firmware |
| siemens | scalance_x204-2ld_ts_firmware | | cpe:/o:siemens:scalance_x204-2ld_ts_firmware |