Source: nessus
Copyright: This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Plugin file: TENABLE_OT_SIEMENS_CVE-2022-47374.NASL
History: Jan 04, 2024 - 12:00 a.m.

Siemens SIMATIC S7-400 Uncontrolled Recursion (CVE-2022-47374)

2024-01-04 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
siemens
simatic s7-400
uncontrolled recursion
cve-2022-47374
http(s)
denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration branch: when the plugin is loaded with `description` set, only
# the metadata below is declared and the script leaves through exit(0) at the
# end of this block, so none of the detection code after it runs.
if (description)
{
  script_id(501855);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/04");

  script_cve_id("CVE-2022-47374");

  script_name(english:"Siemens SIMATIC S7-400 Uncontrolled Recursion (CVE-2022-47374)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description text names SIMATIC PC-Station Plus and SINAMICS S120 as
  # affected, but no "cpe" attribute is declared for either product below.
  # A clean result from this plugin therefore says nothing about those two.
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC PC-Station Plus (All
versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC
S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3
PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All
versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS
S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS
S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3
PN/DP V7 (All versions). The affected products do not handle HTTP(S)
requests to the web server correctly. This could allow an attacker to
exhaust system resources and create a denial of service condition for
the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-892915.pdf");
  # The plugin carries no remediation text of its own; the operator has to
  # read the advisory referenced in "see_also" for mitigations.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Base vectors: network-reachable, no privileges, availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  # NOTE(review): RL:OF (CVSS2) and RL:O (CVSS3) both declare an official fix,
  # while the description lists "All versions" for every S7-400 CPU covered
  # by this plugin - confirm the remediation level against the advisory.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-47374");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-674: Uncontrolled Recursion, matching the plugin name.
  script_cwe_id(674);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One "cpe" attribute per covered firmware; the same seven identifiers are
  # the keys of the vuln_cpes table in the detection code.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_cpu_412-2_pn_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_cpu_414-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_cpu_414f-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_cpu_416-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_s7-400_cpu_414-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_s7-400_cpu_416-3_pn%2fdp_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered in the information-gathering category and the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Declares a dependency on the Tenable.ot API integration plugin and requires
  # the KB key "Tenable.ot/Siemens"; the detection code reads the same key.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


# Detection part: compares a Siemens asset record against a fixed table of
# affected CPEs and reports through the shared Tenable.ot helper. Nothing in
# this file sends an HTTP(S) request to the device.
include('tenable_ot_cve_funcs.inc');

# Stop here unless the KB key "Tenable.ot/Siemens" has been set.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Asset record for vendor 'Siemens' - presumably taken from the Tenable.ot
# inventory rather than probed live; confirm in tenable_ot_cve_funcs.inc.
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware CPE -> product family and hardware order number(s).
# No entry carries a version bound, consistent with "All versions" in the
# plugin description for these CPUs.
# NOTE(review): SIMATIC PC-Station Plus and SINAMICS S120, both named in the
# description, have no entry here, so this plugin does not evaluate them.
# NOTE(review): nothing in this file checks whether the device's web server
# is enabled; whether the helper does is not visible here. A finding may
# therefore mean "affected model present", not "service reachable" - verify
# the exposure on the asset before prioritising.
var vuln_cpes = {
  "cpe:/o:siemens:simatic_s7-400_cpu_412-2_pn_firmware" :
      {"family" : "S7400", "orderNumbers":["6ES7412-2EK07-0AB0"]},
  "cpe:/o:siemens:simatic_s7-400_cpu_414-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6ES7414-3EM07-0AB0"]},
  "cpe:/o:siemens:simatic_s7-400_cpu_414f-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6ES7414-3FM07-0AB0"]},
  "cpe:/o:siemens:simatic_s7-400_cpu_416-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6ES7416-3ES07-0AB0"]},
  "cpe:/o:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6ES7416-3FS07-0AB0"]},
  "cpe:/o:siemens:siplus_s7-400_cpu_414-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6AG1414-3EM07-7AB0"]},
  "cpe:/o:siemens:siplus_s7-400_cpu_416-3_pn%2fdp_firmware" :
      {"family" : "S7400", "orderNumbers":["6AG1416-3ES07-7AB0"]}
};

# Hands the asset and the table to the shared comparison helper, which is
# expected to raise the finding at SECURITY_HOLE severity on a match
# (the matching rules live in the include, not in this file).
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | simatic_s7-400_cpu_412-2_pn_firmware |  | cpe:/o:siemens:simatic_s7-400_cpu_412-2_pn_firmware |
| siemens | simatic_s7-400_cpu_414-3_pn%2fdp_firmware |  | cpe:/o:siemens:simatic_s7-400_cpu_414-3_pn%2fdp_firmware |
| siemens | simatic_s7-400_cpu_414f-3_pn%2fdp_firmware |  | cpe:/o:siemens:simatic_s7-400_cpu_414f-3_pn%2fdp_firmware |
| siemens | simatic_s7-400_cpu_416-3_pn%2fdp_firmware |  | cpe:/o:siemens:simatic_s7-400_cpu_416-3_pn%2fdp_firmware |
| siemens | simatic_s7-400_cpu_416f-3_pn%2fdp_firmware |  | cpe:/o:siemens:simatic_s7-400_cpu_416f-3_pn%2fdp_firmware |
| siemens | siplus_s7-400_cpu_414-3_pn%2fdp_firmware |  | cpe:/o:siemens:siplus_s7-400_cpu_414-3_pn%2fdp_firmware |
| siemens | siplus_s7-400_cpu_416-3_pn%2fdp_firmware |  | cpe:/o:siemens:siplus_s7-400_cpu_416-3_pn%2fdp_firmware |

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%
