nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2020-15800.NASL
HistoryJan 25, 2023 - 12:00 a.m.

Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)

2023-01-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
siemens
scalance x
heap-based buffer overflow
cve-2020-15800
vulnerability
tenable.ot
webserver
attack
switches
siplus net variants.

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

56.7%

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin metadata block. It runs only when the script is loaded with
# `description` set: it registers identifiers, advisory text, scoring,
# affected CPEs and dependencies, then exits before any check logic.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(500738);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2020-15800");

  script_name(english:"Siemens SCALANCE X Products Heap-Based Buffer Overflow (CVE-2020-15800)");

  # Advisory text shown to the analyst. The fixed-version thresholds named here
  # (5.2.5 / 5.5.0 / 4.1.0) are the same values used in the vuln_cpes table below.
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X-200 switch family
(incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT
switch family (incl. SIPLUS NET variants) (All versions < V5.5.0),
SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All
versions < V4.1.0). The webserver of the affected devices contains a
vulnerability that may lead to a heap overflow condition. An attacker
could cause this condition on the webserver by sending specially
crafted requests. This could stop the webserver temporarily.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References: Siemens ProductCERT advisory SSA-139628 and CISA ICSA-21-012-05.
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-012-05");
  # Remediation text quoted from CISA: per-family fixed firmware versions, plus
  # the interim mitigation of restricting web-server access (443/TCP) by firewall.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest version(s). Siemens
recommends countermeasures where fixes are not currently available.

- SCALANCE X-200 switch family (incl. SIPLUS NET variants): Update to v5.2.5 or later

- SCALANCE X-300 switch family: Update to v4.1.0 or later
- SCALANCE X-200IRT switch family (incl. SIPLUS NET variants): Update to v5.5.0 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Limit network traffic of web servers of SCALANCE X switches to trusted connections by firewall rules (Port 443/TCP).

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in
the product manuals. For additional information, please refer to Siemens Security Advisory SSA-139628");
  # NOTE(review): both base vectors rate confidentiality, integrity and
  # availability impact as complete/high, whereas the description above only
  # states that the webserver could stop temporarily. The score source is
  # recorded as the CVE entry; confirm which assessment should drive
  # prioritisation in your environment. The CVSS2 vector also uses AC:M while
  # the CVSS3 vector uses AC:L.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15800");

  # Exploit status as recorded by the plugin (consistent with E:U in the
  # temporal vectors); this is a point-in-time value, see
  # plugin_modification_date above.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-122: heap-based buffer overflow, matching the plugin title.
  script_cwe_id(122);

  # Disclosure and fix share the same date; the plugin was published two years later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One "cpe" attribute per affected firmware image (51 entries). The same set
  # of CPEs keys the vuln_cpes table in the check section; keep the two in sync
  # when adding or removing models.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204irt_pro_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204irt_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x307-3ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2ld_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2lh+_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x310fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x306-1ld_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x320-1-2ld_fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x304-2fe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x308-2m_poe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x302-7_eec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x324-12m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x324-12m_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x324-4m_eec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x324-4m_poe_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x324-4m_poe_ts_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408-2_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered in the information-gathering category, under the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Must run after the Tenable.ot API integration plugin and only when the
  # Tenable.ot/Siemens KB key exists (presumably set by that dependency
  # when a Siemens asset is inventoried; confirm).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  # End of the description pass; the check section below is not reached.
  exit(0);
}


# Check section. Nothing in this file sends traffic to the device itself: the
# asset record is obtained through tenable_ot::assets::get and the verdict is
# delegated to tenable_ot::cve::compare_and_report. Both helpers are expected
# to come from the Tenable.ot includes and their implementation is not shown.
include('tenable_ot_cve_funcs.inc');

# Exit unless the Tenable.ot/Siemens KB item is present.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Asset record for the Siemens device under evaluation (structure not visible here).
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Table of affected firmware, keyed by CPE. Each entry carries:
#   versionEndExcluding - first fixed firmware version (exclusive upper bound)
#   family              - product-family label passed through to the helper
# Thresholds follow the advisory text in the description block:
#   SCALANCEX200    -> 5.2.5
#   SCALANCEX200IRT -> 5.5.0
#   SCALANCEX300    -> 4.1.0
# NOTE(review): the advisory text lists X408 under the X-300 family, but the
# x408-2 entry uses the label SCALANCEX400 (same 4.1.0 threshold). How
# compare_and_report uses "family" is not visible here, so confirm that this
# label matches what the asset inventory reports for X408 devices.
var vuln_cpes = {
    "cpe:/o:siemens:scalance_x204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2fm_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x204-2ts_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x206-1ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x208pro_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x212-2ld_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x216_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x224_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x200-4p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_x204irt_pro_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf204irt_firmware" :
        {"versionEndExcluding" : "5.5.0", "family" : "SCALANCEX200IRT"},
    "cpe:/o:siemens:scalance_xf206-1_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_xf208_firmware" :
        {"versionEndExcluding" : "5.2.5", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x307-3_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x307-3ld_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2ld_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2lh_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2lh+_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x310_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x310fe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x306-1ld_fe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x320-1_fe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x320-1-2ld_fe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x304-2fe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m_ts_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x308-2m_poe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x302-7_eec_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x324-12m_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x324-12m_ts_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x324-4m_eec_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x324-4m_poe_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x324-4m_poe_ts_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX300"},
    "cpe:/o:siemens:scalance_x408-2_firmware" :
        {"versionEndExcluding" : "4.1.0", "family" : "SCALANCEX400"}
};

# Hand the asset and the table to the shared helper, reporting at
# SECURITY_HOLE severity. Presumably the helper matches the asset's CPE and
# compares its firmware version against versionEndExcluding; verify in
# tenable_ot_cve_funcs.inc. A finding produced this way reflects inventory
# data only: it does not show whether the 443/TCP firewall mitigation from the
# solution text is in place, so triage should check network exposure separately.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
