A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500767);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-24043");
script_name(english:"Siemens Desigo PXC and DXR Devices Observable Discrepancy (CVE-2022-24043)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in Desigo DXR2 (All versions <
V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo
PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions <
V02.20.142.10-10884). The login functionality of the application fails
to normalize the response times of login attempts performed with wrong
usernames with the ones executed with correct usernames. A remote
unauthenticated attacker could exploit this side-channel information
to perform a username enumeration attack and identify valid usernames.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-10");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends updating to the latest software version:
- Desigo DXR2: Update to v01.21.142.5-22 or later
- Desigo PXC3: Update to v01.21.142.4-18 or later
- Desigo PXC4: Update to v02.20.142.10-10884 or later
- Desigo PXC5: Update to v02.20.142.10-10884 or later
Contact Siemens for update information.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensΓ’ΒΒ
operational guidelines for industrial security and following the recommendations in the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-626968
For additional information, please refer to Siemens Security Advisory SSA-662649");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24043");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(203);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/20");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_dxr2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:desigo_pxc5_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:desigo_dxr2_firmware" :
{"versionEndExcluding" : "01.21.142.5-22", "family" : "Desigo"},
"cpe:/o:siemens:desigo_pxc3_firmware" :
{"versionEndExcluding" : "01.21.142.4-18", "family" : "Desigo"},
"cpe:/o:siemens:desigo_pxc4_firmware" :
{"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"},
"cpe:/o:siemens:desigo_pxc5_firmware" :
{"versionEndExcluding" : "02.20.142.10-10884", "family" : "Desigo"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);