Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2017-2681.NASL
HistoryFeb 07, 2022 - 12:00 a.m.

Siemens PROFINET DCP Uncontrolled Resource Consumption (CVE-2017-2681)

2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500218);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2017-2681");

  script_name(english:"Siemens PROFINET DCP Uncontrolled Resource Consumption (CVE-2017-2681)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Specially crafted PROFINET DCP packets sent on a local Ethernet
segment (Layer 2) to an affected product could cause a denial of
service condition of that product. Human interaction is required to
recover the system. PROFIBUS interfaces are not affected. This
vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile
Panels, and S7-300/S7-400 devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc2d1044");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/98369");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1038463");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

The attacker must have network access to the local Ethernet segment (Layer 2).

Siemens provides firmware updates fixing these vulnerabilities for the following affected products and recommends users
update to the new fixed version:

- Development/Evaluation Kits DK Standard Ethernet Controller: Update to v4.1.1 Patch04
- Development/Evaluation Kits EK-ERTEC 200P PN IO: Update to v4.4.0 Patch01
- Development/Evaluation Kits EK-ERTEC 200 PN IO: Update to v4.2.1 Patch03
- IE/PB-Link: Update to v3.0
- SCALANCE M-800, S615: Update to v04.3
- SCALANCE W700: Update to v6.1.0
- SCALANCE X-300/X408: Update to v4.1.0
- SCALANCE X414: Update to v3.10.2
- SCALANCE X-200: Update to v5.2.2
- SCALANCE X-200IRT: Update to v5.4.0
- SCALANCE XM-400: Update to v6.1
- SCALANCE XR-500: Update to v6.1
- SIMATIC DK-16xx PN IO: Update to v2.7
- SIMATIC ET 200AL: Update to v1.0.2
- SIMATIC ET 200MP IM155-5 PN BA: Update to v4.0.1 or newer
- SIMATIC ET 200MP IM155-5 PN HF: Update to v4.2
- SIMATIC ET 200MP IM155-5 PN ST: Update to v4.1

- SIMATIC ET 200SP: No remediation is currently planned

- SIMATIC ET 200SP IM155-6 PN HF: Update to v4.2.0
- SIMATIC ET 200SP IM155-6 PN HS: Update to v4.0.1
- SIMATIC ET 200SP IM155-6 PN ST: Update to v4.1.0
- SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels: Update to v15.1
- SIMATIC MV400 family: Update to v7.0.6
- SIMATIC NET CM 1542-1: Update to v2.0
- SIMATIC NET CM 1542SP-1: Update to v1.0.15
- SIMATIC NET CP 343-1 Std and SIMATIC NET CP 343-1 Lean: Update to v3.1.3
- SIMATIC NET CP 443-1 Advanced: Update to v3.2.17
- SIMATIC NET CP 443-1 Standard: Update to v3.2.17
- SIMATIC NET CP 1243-1 and SIMATIC NET CP 1243-1 IRC: Update to v3.1
- SIMATIC NET CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1: Update to v1.0.15
- SIMATIC NET CP 1543-1: Update to v2.1
- SIMATIC NET CP 1604, 1616: Update to v2.8.0
- SIMATIC PN/PN Coupler: Update to v4.0
- SIMATIC RF650R, RF680R, RF685R: Update to v3.0
- SIMATIC S7-200 SMART: Contact a Siemens representative or customer support to update to v2.3
- SIMATIC S7-300 CPU family: Update to v3.X.14
- SIMATIC S7-400 H V6 CPU family: Update to v6.0.7
- SIMATIC S7-400 PN/DP V6 CPU family: Update to v6.0.6
- SIMATIC S7-400 PN/DP V7 CPU family: Update to v7.0.2
- SIMATIC S7-410 CPU family: Update to v8.2
- SIMATIC S7-1200 including F: Update to v4.2.1
- SIMATIC S7-1500 including F, T and TF: Update to v2.1
- SIMATIC S7-1500 Software Controller including F: Update to v2.1
- SIMATIC TDC CP51M1: Update to v1.1.8
- SIMATIC TDC CPU555: Update to v1.1.1
- SIMATIC Teleservice Adapters (IE Basic, IE Standard, IE Advanced): migrate to a successor product within the SCALANCE
M-800 family. For details refer to the notice of discontinuation.
- SIMATIC WinAC RTX (F) 2010: Update to SIMATIC WinAC RTX 2010 SP3 and apply BIOS and Microsoft Windows updates
- SIMOCODE pro V PN: Update to v2.0.0
- SIMOTION: Update to v4.5 HF1
- SINAMICS DCM w. PN: Update to v1.4 SP1 HF5
- SINAMICS DCP w. PN: Update to v1.2 HF1
- SINAMICS G110M/G120(C/P/D) w. PN: Update to v4.7 SP6 HF3
- SINAMICS G130 and G150 v4.7: Update to v4.7 HF27
- SINAMICS G130 and G150 v4.8: Update to v4.8 HF4
- SINAMICS S110 w. PN: Update to v4.4 SP3 HF5
- SINAMICS S120 v4.7: Update to v4.7 HF27
- SINAMICS S120 v4.8: Update to v4.8 HF4
- SINAMICS S150 v4.7: Update to v4.7 HF27
- SINAMICS S150: v4.8: Update to v4.8 HF4
- SINAMICS v90 w. PN: Update to v1.1
- SINUMERIK 828D v4.5: Update to v4.5 SP6 HF2
- SINUMERIK 828D v4.7: Update to v4.7 SP4 HF1
- SINUMERIK 840D sl v4.5 and prior: Update to v4.5 SP6 HF8
- SINUMERIK 840D sl v4.7: Update to v4.7 SP4 HF1

SINUMERIK software updates listed above can be obtained from a Siemens account manager.

- SIRIUS ACT 3SU1 interface module PROFINET: Update to v1.1.0
- SITOP PSU8600 PROFINET: Update to v1.2.0
- SITOP UPS1600 PROFINET: Update to v2.2.0
- Softnet PROFINET IO for PC-based Windows systems: Update to v14 SP1

Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the
meantime:

- Apply cell protection concept.
- Use VPN for protecting network communication between cells.
- Apply defense-in-depth.

As a general security measure Siemens strongly recommends protecting industrial control systems networks with
appropriate mechanisms. Siemens strongly recommends verifying the affected products are protected as described in
PROFINET Security Guidelines and Siemens Operational Guidelines in order to run the devices in a protected IT
environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security
Advisory SSA-293562");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2681");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m-800_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w700_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200_irt_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x300_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x414_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm400_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr500_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1243-1_dnp3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1243-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1243-1_iec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1243-1_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1543-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1543sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_343-1_adv_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_343-1_lean_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_343-1_std_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_443-1_adv_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_443-1_std_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200al_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200ecopn_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200s_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-200_smart_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400h_v6_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400pn%2fdp_v6_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-400pn%2fdp_v7_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_tdc_cp51m1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_tdc_cpu555_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:sitop_psu8600_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cm_1542-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cm_1542sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1616_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1604_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200mp_im155-5_pn_ba_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200mp_im155-5_pn_hf_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200mp_im155-5_pn_st_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200sp_im155-6_pn_hf_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200sp_im155-6_pn_hs_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200sp_im155-6_pn_st_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et_200sp_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-410_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_cp_343-1_std_firmware" :
        {"versionEndExcluding" : "3.1.3", "family" : "S7300"},
    "cpe:/o:siemens:simatic_cp_343-1_lean_firmware" :
        {"versionEndExcluding" : "3.1.3", "family" : "S7300"},
    "cpe:/o:siemens:simatic_cp_343-1_adv_firmware" :
        {"family" : "S7300"},
    "cpe:/o:siemens:simatic_cp_443-1_std_firmware" :
        {"versionEndExcluding" : "3.2.17", "family" : "S7400"},
    "cpe:/o:siemens:simatic_cp_443-1_adv_firmware" :
        {"versionEndExcluding" : "3.2.17", "family" : "S7400"},
    "cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware" :
        {"family" : "S7400"},
    "cpe:/o:siemens:simatic_cp_1243-1_firmware" :
        {"versionEndExcluding" : "2.1.82", "family" : "S71200"},
    "cpe:/o:siemens:simatic_cp_1543sp-1_firmware" :
        {"versionEndExcluding" : "1.0.15", "family" : "S71500"},
    "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware" :
        {"versionEndExcluding" : "1.0.15", "family" : "S71500"},
    "cpe:/o:siemens:simatic_cp_1543-1_firmware" :
        {"versionEndExcluding" : "2.1", "family" : "S71500"},
    "cpe:/o:siemens:scalance_x200_series_firmware" :
        {"versionEndExcluding" : "5.2.2", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x200_irt_series_firmware" :
        {"versionEndExcluding" : "5.4.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x300_series_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x408_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_x414_firmware" :
        {"versionEndExcluding" : "3.10.2", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm400_series_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xr500_series_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_w700_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "SCALANCEW"},
    "cpe:/o:siemens:scalance_m-800_firmware" :
        {"versionEndExcluding" : "4.03", "family" : "SCALANCEM"},
    "cpe:/o:siemens:scalance_s615_firmware" :
        {"versionEndExcluding" : "4.03", "family" : "SCALANCES"},
    "cpe:/o:siemens:sitop_psu8600_firmware" :
        {"versionEndExcluding" : "1.2.0", "family" : "SITOP"},
    "cpe:/o:siemens:simatic_et_200al_firmware" :
        {"versionEndExcluding" : "1.0.2", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et_200ecopn_firmware" :
        {"family" : "ET200", "orderNumbers" : ["6ES7145-6HD00-0AB0","6ES7147-6BG00-0AB0","6ES7142-6BR00-0AB0","6ES7144-6KD50-0AB0","6ES7144-6KD00-0AB0","6ES7141-6BF00-0AB0","6ES7141-6BG00-0AB0","6ES7142-6BF50-0AB0","6ES7142-6BF00-0AB0","6ES7142-6BG00-0AB0","6ES7141-6BH00-0AB0","6ES7142-6BH00-0AB0","6ES7148-6JA00-0AB0"]},
    "cpe:/o:siemens:simatic_et_200m_firmware" :
        {"family" : "ET200M"},
    "cpe:/o:siemens:simatic_et_200pro_firmware" :
        {"family" : "ET200"},
    "cpe:/o:siemens:simatic_et_200s_firmware" :
        {"family" : "ET200"},
    "cpe:/o:siemens:simatic_s7-200_smart_firmware" :
        {"versionEndExcluding" : "2.3", "family" : "S7200"},
    "cpe:/o:siemens:simatic_s7-300_firmware" :
        {"versionEndExcluding" : "3.x.14", "family" : "S7300"},
    "cpe:/o:siemens:simatic_s7-400h_v6_firmware" :
        {"versionStartIncluding" : "6.0", "versionEndExcluding" : "6.0.7", "family" : "S7400"},
    "cpe:/o:siemens:simatic_s7-400pn%2fdp_v6_firmware" :
        {"versionStartIncluding" : "6.0", "versionEndExcluding" : "6.0.6", "family" : "S7400"},
    "cpe:/o:siemens:simatic_s7-400pn%2fdp_v7_firmware" :
        {"versionStartIncluding" : "7.0", "versionEndExcluding" : "7.0.2", "family" : "S7400"},
    "cpe:/o:siemens:simatic_s7-1200_firmware" :
        {"versionEndExcluding" : "4.2.1", "family" : "S71200"},
    "cpe:/o:siemens:simatic_s7-1500_firmware" :
        {"versionEndExcluding" : "2.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_cp_1243-1_irc_firmware" :
        {"versionEndExcluding" : "2.1.82", "family" : "S71200"},
    "cpe:/o:siemens:simatic_cp_1243-1_iec_firmware" :
        {"family" : "S71200"},
    "cpe:/o:siemens:simatic_cp_1243-1_dnp3_firmware" :
        {"family" : "S71200"},
    "cpe:/o:siemens:simatic_tdc_cpu555_firmware" :
        {"versionEndExcluding" : "1.1.1", "family" : "TDCCPU555"},
    "cpe:/o:siemens:simatic_tdc_cp51m1_firmware" :
        {"versionEndExcluding" : "1.1.8", "family" : "TDCCP51m1"},
    "cpe:/o:siemens:simatic_cm_1542-1_firmware" :
        {"versionEndExcluding" : "2.0", "family" : "S71500"},
    "cpe:/o:siemens:simatic_cm_1542sp-1_firmware" :
        {"versionEndExcluding" : "1.0.15", "family" : "S71500"},
    "cpe:/o:siemens:simatic_cp_1616_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "NETCP1600"},
    "cpe:/o:siemens:simatic_cp_1604_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "NETCP1600"},
    "cpe:/o:siemens:simatic_et200mp_im155-5_pn_ba_firmware" :
        {"versionEndExcluding" : "4.0.1", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et200mp_im155-5_pn_hf_firmware" :
        {"versionEndExcluding" : "4.2", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et200mp_im155-5_pn_st_firmware" :
        {"versionEndExcluding" : "4.1", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et200sp_im155-6_pn_hf_firmware" :
        {"versionEndExcluding" : "4.2", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et200sp_im155-6_pn_hs_firmware" :
        {"versionEndExcluding" : "4.0.1", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et200sp_im155-6_pn_st_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "ET200"},
    "cpe:/o:siemens:simatic_et_200sp_firmware" :
        {"versionEndExcluding" : "4.2.0", "family" : "ET200SP"},
    "cpe:/o:siemens:simatic_s7-410_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "S7400"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensscalance_m-800_firmwarecpe:/o:siemens:scalance_m-800_firmware
siemensscalance_s615_firmwarecpe:/o:siemens:scalance_s615_firmware
siemensscalance_w700_firmwarecpe:/o:siemens:scalance_w700_firmware
siemensscalance_x200_series_firmwarecpe:/o:siemens:scalance_x200_series_firmware
siemensscalance_x200_irt_series_firmwarecpe:/o:siemens:scalance_x200_irt_series_firmware
siemensscalance_x300_series_firmwarecpe:/o:siemens:scalance_x300_series_firmware
siemensscalance_x408_firmwarecpe:/o:siemens:scalance_x408_firmware
siemensscalance_x414_firmwarecpe:/o:siemens:scalance_x414_firmware
siemensscalance_xm400_series_firmwarecpe:/o:siemens:scalance_xm400_series_firmware
siemensscalance_xr500_series_firmwarecpe:/o:siemens:scalance_xr500_series_firmware
Rows per page:
1-10 of 501

Related

nessus 1
prion 1
nvd 1
cvelist 1
cve 1
ics 12
openvas 1
nessus
nessus
Siemens Simatic Improper Input Validation
2019-11-08 00:00:00
prion
prion
Design/Logic Flaw
2017-05-11 10:29:00
nvd
nvd
CVE-2017-2681
2017-05-11 10:29:00
cvelist
cvelist
CVE-2017-2681
2017-05-11 10:00:00
cve
cve
CVE-2017-2681
2017-05-11 10:29:00
ics
ics
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update B)
2017-05-09 00:00:00
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)
2017-05-09 00:00:00
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)
2017-05-09 00:00:00
openvas
openvas
Siemens SIMATIC S7 PLC Multiple Vulnerabilities (SSA-293562)
2017-08-18 00:00:00

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2017-2681.NASL
nessus1prion1nvd1cvelist1cve1ics12openvas1