Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2023-37195.NASL
HistoryFeb 20, 2024 - 12:00 a.m.

Siemens SIMATIC CP Products Uncontrolled Resource Consumption (CVE-2023-37195)

2024-02-2000:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
siemens simatic cp
uncontrolled resource consumption
cve-2023-37195
vulnerability
local attackers
denial of service
physical power cycle

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).
Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501998);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");

  script_cve_id("CVE-2023-37195");

  script_name(english:"Siemens SIMATIC CP Products Uncontrolled Resource Consumption (CVE-2023-37195)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC CP 1604 (All versions),
SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions),
SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).
Affected devices insufficiently control continuous mapping of direct
memory access (DMA) requests. This could allow local attackers with
administrative privileges to cause a denial of service situation on
the host. A physical power cycle is required to get the system working
again.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-37195");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1604_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1616_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1623_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1626_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1628_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_cp_1604_firmware:-" :
        {"family" : "NETCP1600", "orderNumbers" : ["6GK1160-4AA01"]},
    "cpe:/o:siemens:simatic_cp_1616_firmware:-" :
        {"family" : "NETCP1600", "orderNumbers" : ["6GK1161-6AA02"]},
    "cpe:/o:siemens:simatic_cp_1623_firmware:-" :
        {"family" : "NETCP1600", "orderNumbers" : ["6GK1162-3AA00"]},
    "cpe:/o:siemens:simatic_cp_1626_firmware:-" :
        {"family" : "NETCP1600", "orderNumbers" : ["6GK1162-6AA01"]},
    "cpe:/o:siemens:simatic_cp_1628_firmware:-" :
        {"family" : "NETCP1600", "orderNumbers" : ["6GK1162-8AA00"]}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemenssimatic_cp_1604_firmware-cpe:/o:siemens:simatic_cp_1604_firmware:-
siemenssimatic_cp_1616_firmware-cpe:/o:siemens:simatic_cp_1616_firmware:-
siemenssimatic_cp_1623_firmware-cpe:/o:siemens:simatic_cp_1623_firmware:-
siemenssimatic_cp_1626_firmware-cpe:/o:siemens:simatic_cp_1626_firmware:-
siemenssimatic_cp_1628_firmware-cpe:/o:siemens:simatic_cp_1628_firmware:-

Related

cve 1
cvelist 1
prion 1
cnvd 1
nvd 1
ics 1
cve
cve
CVE-2023-37195
2023-10-10 11:15:11
cvelist
cvelist
CVE-2023-37195
2023-10-10 10:21:24
prion
prion
Design/Logic Flaw
2023-10-10 11:15:00
cnvd
cnvd
Siemens SIMATIC CP Device Uncontrolled Resource Consumption Vulnerability
2023-10-11 00:00:00
nvd
nvd
CVE-2023-37195
2023-10-10 11:15:11
ics
ics
Siemens SIMATIC CP products
2023-10-12 12:00:00

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2023-37195.NASL
cve1cvelist1prion1cnvd1nvd1ics1