A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500748);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-45937");
script_name(english:"Siemens APOGEE and TALON Improper Access Control (CVE-2022-45937)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in APOGEE PXC Series (BACnet) (All
versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions <
V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low
privilege authenticated attacker with network access to the integrated
web server could download sensitive information from the device
containing user account credentials.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-16");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has prepared a fix and recommends updating to the following:
- APOGEE PXC Series (BACnet): Update to version 3.5.5 or later
- APOGEE PXC Series (P2 Ethernet): Update to version 2.8.20 or later
- TALON TC Series (BACnet): Update to version 3.5.5 or later
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensΓ’ΒΒ
operational guidelines for industrial security and following the recommendations in the product manuals. For more
information, see Siemens Security Advisory SSA-180579 in HTML or CSAF.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-45937");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc00-e96.a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc100-e96.a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc16.2-pe.a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-pe.a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-pef.a_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:pxc24.2-per.a_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:pxc00-e96.a_firmware" :
{"versionEndExcluding" : "3.5.5", "family" : "PxcModular"},
"cpe:/o:siemens:pxc100-e96.a_firmware" :
{"versionEndExcluding" : "3.5.5", "family" : "PxcModular"},
"cpe:/o:siemens:pxc16.2-pe.a_firmware" :
{"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
"cpe:/o:siemens:pxc24.2-pe.a_firmware" :
{"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
"cpe:/o:siemens:pxc24.2-pef.a_firmware" :
{"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"},
"cpe:/o:siemens:pxc24.2-per.a_firmware" :
{"versionEndExcluding" : "2.8.20", "family" : "PxcCompact"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | pxc00-e96.a_firmware | cpe:/o:siemens:pxc00-e96.a_firmware | |
siemens | pxc100-e96.a_firmware | cpe:/o:siemens:pxc100-e96.a_firmware | |
siemens | pxc16.2-pe.a_firmware | cpe:/o:siemens:pxc16.2-pe.a_firmware | |
siemens | pxc24.2-pe.a_firmware | cpe:/o:siemens:pxc24.2-pe.a_firmware | |
siemens | pxc24.2-pef.a_firmware | cpe:/o:siemens:pxc24.2-pef.a_firmware | |
siemens | pxc24.2-per.a_firmware | cpe:/o:siemens:pxc24.2-per.a_firmware |