This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-45044.NASLSiemens SIPROTEC 5 Devices Uncontrolled Resource Consumption (CVE-2022-45044)
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500719);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-45044");
script_name(english:"Siemens SIPROTEC 5 Devices Uncontrolled Resource Consumption (CVE-2022-45044)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU
variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant
CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200)
(All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All
versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All
versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All
versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All
versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All
versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All
versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions),
SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5
Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact
7SX800 devices (CPU variant CP050) (All versions). Affected devices do
not properly restrict secure client-initiated renegotiations within
the SSL and TLS protocols. This could allow an attacker to create a
denial of service condition on the ports 443/tcp and 4443/tcp for the
duration of the attack.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-11");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- Restrict access to ports 443/TCP and 4443/TCP to trusted only IP addresses.
Operators of critical power systems worldwide are usually required by regulations to build resilience into power grids
by applying multi-level redundant secondary protection schemes. Therefore, Siemens recommends operators check whether
appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can
thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates
using the corresponding tooling and documented procedures made available with the product. If supported by the product,
an automated means to apply the security updates across multiple product instances may be used. Siemens strongly
recommends prior validation of any security update prior to application, and supervision by trained staff of the update
process in the target environment.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to SiemensΓ’ΒΒ operational guidelines for industrial security and to follow the recommendations in
the product manuals. For more information, see the associated Siemens security advisory SSA-408105 in HTML and CSAF.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-45044");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md89_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6mu85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ke85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa87_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd87_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj81_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl87_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ss85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7st85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sx85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7um85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut82_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut86_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut87_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ve85_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7vk87_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_communication_module_ethba2el_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_compact_7sx800_firmware:-");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:siprotec_5_6md85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md89_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6mu85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ke85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa87_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd87_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj81_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl87_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ss85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7st85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sx85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7um85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut82_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut86_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut87_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ve85_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7vk87_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_communication_module_ethba2el_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-" :
{"family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_compact_7sx800_firmware:-" :
{"family" : "Siprotec5"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Related
AI Score
Confidence
High
EPSS
Percentile
38.7%