CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 72.8%
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of ‘in place’ encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(502322);
  script_version("1.5");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2022-2097");
  script_xref(name:"ICSA", value:"23-017-03");
  script_xref(name:"ICSA", value:"24-165-10");
  script_xref(name:"ICSA", value:"24-165-11");

  script_name(english:"Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2022-2097)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some circumstances.
This could reveal sixteen bytes of data that was preexisting in the memory that
wasn't written. In the special case of 'in place' encryption, sixteen bytes of
the plaintext would be revealed. Since OpenSSL does not support OCB based cipher
suites for TLS and DTLS, they are both unaffected.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-398330.html");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-879734.html");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-625862.html");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-794697.html");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20230207.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens released V1.0 SP2 Update 1 for SINEC INS and recommends updating to the latest version.
Siemens identified the following specific workarounds and mitigations users can apply to reduce risk:
- CVE-2022-45094: Disable the DHCP service of the affected product, if not required.
- CVE-2022-45093: Disable the SFTP service of the affected product, if not required.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens'
operational guidelines for industrial security and following the recommendations in the product manuals. Siemens has
published additional information on industrial security.
For further inquiries on security vulnerabilities in Siemens products, users should contact Siemens ProductCERT.
For more information, see the associated Siemens security advisory SSA-332410 in HTML and CSAF.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2097");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(326);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-4c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm416-4c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1542sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1543sp-1_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_tm_mfp");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# Exit unless a Siemens asset was recorded in the knowledge base.
get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected products keyed by CPE. Each entry gives the firmware version bound,
# the product family and the Siemens order numbers it applies to.
var vuln_cpes = {
  "cpe:/o:siemens:simatic_s7-1500_firmware" :
    {"versionStartIncluding" : "3.1.0", "family" : "S71500", "orderNumbers" : ["6ES7518-4AX00-1AB0","6ES7518-4AX00-1AC0","6ES7518-4FX00-1AB0","6ES7518-4FX00-1AC0","6AG1518-4AX00-4AC0"]},
  "cpe:/o:siemens:scalance_xm408-4c_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5408-4GP00-2AM2", "6GK5408-4GQ00-2AM2"]},
  "cpe:/o:siemens:scalance_xm408-8c_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5408-8GS00-2AM2", "6GK5408-8GR00-2AM2"]},
  "cpe:/o:siemens:scalance_xm416-4c_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5416-4GS00-2AM2", "6GK5416-4GR00-2AM2"]},
  "cpe:/o:siemens:scalance_xr524-8c_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5524-8GS00-3AR2", "6GK5524-8GR00-3AR2", "6GK5524-8GS00-4AR2", "6GK5524-8GR00-4AR2", "6GK5524-8GS00-2AR2", "6GK5524-8GR00-2AR2"]},
  "cpe:/o:siemens:scalance_xr526-8c_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5526-8GS00-3AR2", "6GK5526-8GR00-3AR2", "6GK5526-8GR00-4AR2", "6GK5526-8GS00-4AR2", "6GK5526-8GS00-2AR2", "6GK5526-8GR00-2HR2"]},
  "cpe:/o:siemens:scalance_xr528-6m_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5528-0AA00-2HR2", "6GK5528-0AR00-2HR2", "6GK5528-0AA00-2AR2", "6GK5528-0AR00-2AR2"]},
  "cpe:/o:siemens:scalance_xr552-12m_firmware:-" :
    {"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5552-0AA00-2HR2", "6GK5552-0AR00-2HR2", "6GK5552-0AR00-2AR2", "6GK5552-0AA00-2AR2"]},
  "cpe:/o:siemens:simatic_cp_1542sp-1_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7542-6UX00-0XE0"]},
  "cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7542-6VX00-0XE0"]},
  "cpe:/o:siemens:simatic_cp_1543sp-1_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7543-6WX00-0XE0"]},
  "cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6AG2542-6VX00-4XE0"]},
  "cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "ET200", "orderNumbers" : ["6AG1543-6WX00-7XE0"]},
  "cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware" :
    {"versionEndExcluding" : "2.3", "family" : "ET200", "orderNumbers" : ["6AG2543-6WX00-4XE0"]},
  "cpe:/o:siemens:simatic_s7-1500_tm_mfp" :
    {"versionEndExcluding" : "1.1", "family" : "S71500", "orderNumbers": ["6ES7558-1AA00-0AB0"]}
};

# Compare the asset against the table above and report a match with SECURITY_WARNING severity.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
cert-portal.siemens.com/productcert/html/ssa-398330.html
cert-portal.siemens.com/productcert/html/ssa-625862.html
cert-portal.siemens.com/productcert/html/ssa-794697.html
cert-portal.siemens.com/productcert/html/ssa-879734.html
www.cisa.gov/news-events/ics-advisories/icsa-23-017-03
www.cisa.gov/news-events/ics-advisories/icsa-24-165-10
www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
www.openssl.org/news/secadv/20230207.txt