Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2023-28766.NASLHistoryMay 16, 2023 - 12:00 a.m.
Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)
2023-05-1600:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
siemens
siprotec 5
null pointer dereference
vulnerability
http request
denial of service
tenable.ot
remote attacker
web service.
0.002 Low
EPSS
Percentile
54.6%
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501142);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2023-28766");
script_name(english:"Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All
versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5
6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions <
V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85
(CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All
versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5
7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions <
V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86
(CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions <
V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87
(CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All
versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5
7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions),
SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87
(CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions <
V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81
(CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All
versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5
7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions <
V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86
(CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All
versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5
7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions <
V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82
(CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All
versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5
7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions <
V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85
(CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All
versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86
(CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions
< V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5
7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All
versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5
7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions <
V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86
(CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All
versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5
7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All
versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5
7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module
ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module
ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module
ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050)
(All versions < V9.40). Affected devices lack proper validation of
http request parameters of the hosted web service. An unauthenticated
remote attacker could send specially crafted packets that could cause
denial of service condition of the target device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-06");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens
recommends specific countermeasures for products where updates are not, or not yet, available:
- SIPROTEC 5 6MD85 (CP300): Update to v9.40 or later
- SIPROTEC 5 6MD86 (CP300): Update to v9.40 or later
- SIPROTEC 5 6MU85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7KE85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SA82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SA86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SA87 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SD82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SD86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SD87 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SJ81 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SJ82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SJ85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SJ86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SK82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SK85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SL82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SL86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SL87 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SS85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7ST86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7SX82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7SX85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7UM85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7UT82 (CP150): Update to v9.40 or later
- SIPROTEC 5 7UT85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7UT86 (CP300): Update to v9.40 or later
- SIPROTEC 5 7UT87 (CP300): Update to v9.40 or later
- SIPROTEC 5 7VE85 (CP300): Update to v9.40 or later
- SIPROTEC 5 7VK87 (CP300): Update to v9.40 or later
- SIPROTEC 5 7VU85 (CP300): Update to v9.40 or later
- SIPROTEC 5 Communication Module ETH-BA-2EL: Update to v9.40 or later
- SIPROTEC 5 Communication Module ETH-BB-2FO: Update to v9.40 or later
- SIPROTEC 5 Communication Module ETH-BD-2FO: Update to v9.40 or later
- SIPROTEC 5 Compact 7SX800 (CP050): Update to v9.40 or later
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Block access to port 4443/TCP e.g. with an external firewall
Worldwide regulations for critical power systems (e.g. TSOs or DSOs) usually require multi-level redundant secondary
protection schemes to build resilience into power grids. It is recommended that operators check whether appropriate
resilient protection measures are in place to minimize the risk of cyber incidents impacting the grid's reliability.
Siemens recommends that operators:
- Apply provided security updates using the corresponding tooling and documented procedures made available with the
product.
- Automatically apply security updates across multiple product instances if automation is supported by the product.
- Validate any security update before being applied. It is recommended to perform the update process under the
supervision of trained staff in the target environment.
- Protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN) as a general security measure.
In order to run the devices in a protected IT environment, it is advised to configure the environment according to
Siemens operational guidelines.
Recommended security guidelines can be found at SiemensΓ’ΒΒ grid security page.
For more information, see the associated Siemens security advisory SSA-322980 in HTML and CSAF.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28766");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(476);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6md89_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_6mu85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ke85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sa87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sd87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj81_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sj86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sk85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sl87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ss85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7st85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7st86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sx82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7sx85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7um85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut82_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut86_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ut87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7ve85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7vk87_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_7vu85_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siprotec_5_compact_7sx800_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:siprotec_5_6md85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6md89_firmware" :
{"versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_6mu85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ke85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa82_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sa87_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd82_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sd87_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj81_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj82_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sj86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk82_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sk85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl82_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sl87_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ss85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sx85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7um85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut82_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ut87_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7ve85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7vk87_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_compact_7sx800_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7st85_firmware" :
{"versionStartIncluding" : "7.80","family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7st86_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80","family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7sx82_firmware" :
{"versionEndExcluding" : "9.40", "family" : "Siprotec5"},
"cpe:/o:siemens:siprotec_5_7vu85_firmware" :
{"versionEndExcluding" : "9.40", "versionStartIncluding" : "7.80", "family" : "Siprotec5"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | siprotec_5_6md85_firmware | cpe:/o:siemens:siprotec_5_6md85_firmware | |
| siemens | siprotec_5_6md86_firmware | cpe:/o:siemens:siprotec_5_6md86_firmware | |
| siemens | siprotec_5_6md89_firmware | cpe:/o:siemens:siprotec_5_6md89_firmware | |
| siemens | siprotec_5_6mu85_firmware | cpe:/o:siemens:siprotec_5_6mu85_firmware | |
| siemens | siprotec_5_7ke85_firmware | cpe:/o:siemens:siprotec_5_7ke85_firmware | |
| siemens | siprotec_5_7st86_firmware | cpe:/o:siemens:siprotec_5_7st86_firmware | |
| siemens | siprotec_5_7sx82_firmware | cpe:/o:siemens:siprotec_5_7sx82_firmware | |
| siemens | siprotec_5_7sx85_firmware | cpe:/o:siemens:siprotec_5_7sx85_firmware | |
| siemens | siprotec_5_7um85_firmware | cpe:/o:siemens:siprotec_5_7um85_firmware | |
| siemens | siprotec_5_7ut82_firmware | cpe:/o:siemens:siprotec_5_7ut82_firmware |
Related
cve
cve
CVE-2023-28766
2023-04-11 10:15:18
nvd
nvd
CVE-2023-28766
2023-04-11 10:15:18
ics
ics
Siemens SIPROTEC 5 Devices
2023-04-13 12:00:00
prion
prion
Design/Logic Flaw
2023-04-11 10:15:00
cvelist
cvelist
CVE-2023-28766
2023-04-11 09:03:05