Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-45937.NASL
HistoryJan 25, 2023 - 12:00 a.m.

Siemens APOGEE and TALON Improper Access Control (CVE-2022-45937)

2023-01-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
siemens
apogee
talon
improper access control
cve-2022-45937
vulnerability
network access
sensitive information
user account credentials
web server
security advisory
cisa
fix
update
industrial security
operational guidelines
cve-2022-45937

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500748);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-45937");

  script_name(english:"Siemens APOGEE and TALON Improper Access Control (CVE-2022-45937)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in APOGEE PXC Series (BACnet) (All
versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions <
V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low
privilege authenticated attacker with network access to the integrated
web server could download sensitive information from the device
containing user account credentials.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-16");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has prepared a fix and recommends updating to the following:

- APOGEE PXC Series (BACnet): Update to version 3.5.5 or later
- APOGEE PXC Series (P2 Ethernet): Update to version 2.8.20 or later
- TALON TC Series (BACnet): Update to version 3.5.5 or later

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
operational guidelines for industrial security and following the recommendations in the product manuals.  For more
information, see Siemens Security Advisory SSA-180579 in HTML or CSAF.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-45937");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc00-e96.a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc100-e96.a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc16.2-pe.a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-pe.a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-pef.a_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-per.a_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:pxc00-e96.a_firmware" :
        {"versionEndExcluding" : "3.5.5", "family" : "PxcModular"},
    "cpe:/o:siemens:pxc100-e96.a_firmware" :
        {"versionEndExcluding" : "3.5.5", "family" : "PxcModular"},
    "cpe:/o:siemens:pxc16.2-pe.a_firmware" :
        {"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
    "cpe:/o:siemens:pxc24.2-pe.a_firmware" :
        {"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
    "cpe:/o:siemens:pxc24.2-pef.a_firmware" :
        {"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
    "cpe:/o:siemens:pxc24.2-per.a_firmware" :
        {"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemenspxc00-e96.a_firmwarecpe:/o:siemens:pxc00-e96.a_firmware
siemenspxc100-e96.a_firmwarecpe:/o:siemens:pxc100-e96.a_firmware
siemenspxc16.2-pe.a_firmwarecpe:/o:siemens:pxc16.2-pe.a_firmware
siemenspxc24.2-pe.a_firmwarecpe:/o:siemens:pxc24.2-pe.a_firmware
siemenspxc24.2-pef.a_firmwarecpe:/o:siemens:pxc24.2-pef.a_firmware
siemenspxc24.2-per.a_firmwarecpe:/o:siemens:pxc24.2-per.a_firmware

Related

nvd 1
cve 1
ics 1
cnvd 1
cvelist 1
prion 1
nvd
nvd
CVE-2022-45937
2022-12-13 16:15:24
cve
cve
CVE-2022-45937
2022-12-13 16:15:24
ics
ics
Siemens APOGEE and TALON
2022-12-15 12:00:00
cnvd
cnvd
Siemens APOGEE/TALON Field Panels Privilege Management Vulnerability
2022-12-14 00:00:00
cvelist
cvelist
CVE-2022-45937
2022-12-13 00:00:00
prion
prion
Information disclosure
2022-12-13 16:15:00

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-45937.NASL
nvd1cve1ics1cnvd1cvelist1prion1