Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2023-6931.NASLHistoryApr 22, 2024 - 12:00 a.m.
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2023-6931)
2024-04-2200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
siemens
s7-1500
out-of-bounds write
local privilege escalation
linux kernel
performance events
cve-2023-6931
tenable.ot
cisa
siemens security advisory
7.4 High
AI Score
Confidence
High
A heap out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation.
A perf_event’s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(502218);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");
script_cve_id("CVE-2023-6931");
script_name(english:"Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2023-6931)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A heap out-of-bounds write vulnerability in the Linux kernel's Performance
Events system component can be exploited to achieve local privilege escalation.
A perf_event's read_size can overflow, leading to an heap out-of-bounds increment
or write in perf_read_group().
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-01");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-265688.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-794697.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-398330.html");
script_set_attribute(attribute:"solution", value:
"Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
- Only build and run applications from trusted sources
Product-specific remediations or mitigations can be found in the section 'Affected Products and Solution' of
the vendor advisory.
For more information, see the associated Siemens security advisory in HTML and CSAF.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6931");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_tm_mfp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:simatic_s7-1500_tm_mfp" :
{"versionStartIncluding" : "1.0", "versionEndIncluding" : "1.1", "family" : "S71500", "orderNumbers": ["6ES7558-1AA00-0AB0"]},
"cpe:/o:siemens:cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware" :
{"versionStartIncluding" : "3.1", "versionEndIncluding" : "3.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4AX00-1AB0","6ES7518-4AX00-1AC0","6AG1518-4AX00-4AC0"]},
"cpe:/o:siemens:cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware" :
{"versionStartIncluding" : "3.1", "versionEndIncluding" : "3.1", "family" : "S71500", "orderNumbers" : ["6ES7518-4FX00-1AB0","6ES7518-4FX00-1AC0"]}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | simatic_s7-1500_tm_mfp | cpe:/o:siemens:simatic_s7-1500_tm_mfp | |
| siemens | simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware | cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware | |
| siemens | simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware | cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware |
Related
debiancve
debiancve
CVE-2023-6931
2023-12-19 14:15:08
ubuntucve
ubuntucve
CVE-2023-6931
2023-12-19 00:00:00
prion
prion
Heap overflow
2023-12-19 14:15:00
cve
cve
CVE-2023-6931
2023-12-19 14:15:08
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-6931
2023-12-19 21:45:54
cbl_mariner
cbl_mariner
CVE-2023-6931 affecting package kernel for versions less than 5.15.143.1-1
2024-01-19 03:54:24
redhat
redhat
(RHSA-2024:1840) Moderate: kernel-rt security update
2024-04-16 14:32:07
(RHSA-2024:1836) Moderate: kernel security, bug fix, and enhancement update
2024-04-16 14:29:27
(RHSA-2024:1607) Important: kernel security, bug fix, and enhancement update
2024-04-02 14:57:00
nessus
nessus
RHEL 9 : kernel (RHSA-2024:1836)
2024-04-17 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:1840)
2024-04-17 00:00:00
Amazon Linux AMI : kernel (ALAS-2024-1912)
2024-02-06 00:00:00
amazon
amazon
Important: kernel
2024-02-01 19:33:00
Important: kernel
2024-02-01 19:57:00
openvas
openvas
Ubuntu: Security Advisory (USN-6603-1)
2024-01-26 00:00:00
Ubuntu: Security Advisory (USN-6605-2)
2024-01-30 00:00:00
Ubuntu: Security Advisory (USN-6605-1)
2024-01-26 00:00:00
osv
osv
ubuntu
ubuntu
Linux kernel (AWS) vulnerabilities
2024-01-25 00:00:00
Linux kernel vulnerabilities
2024-01-25 00:00:00
Linux kernel (KVM) vulnerabilities
2024-01-29 00:00:00
ics
ics
Siemens SIMATIC S7-1500
2024-04-11 12:00:00
rocky
rocky
kernel security, bug fix, and enhancement update
2024-05-06 13:07:04
kernel security, bug fix, and enhancement update
2024-04-05 14:55:53
kernel-rt security and bug fix update
2024-04-05 14:56:14
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2024-04-10 00:00:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2024-04-02 00:00:00
debian
debian
[SECURITY] [DSA 5593-1] linux security update
2024-01-01 13:25:21
[SECURITY] [DLA 3711-1] linux-5.10 security update
2024-01-11 17:58:27
[SECURITY] [DSA 5594-1] linux security update
2024-01-02 21:05:08
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0713
2024-01-16 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0548
2024-01-13 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0187
2024-01-09 00:00:00
ibm
ibm