CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
55.2%
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501840);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2022-4304");
script_xref(name:"ICSA", value:"23-075-04");
script_xref(name:"ICSA", value:"24-165-10");
script_xref(name:"ICSA", value:"24-165-11");
script_name(english:"Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext
across a network in a Bleichenbacher style attack. To achieve a
successful decryption an attacker would have to be able to send
a very large number of trial messages for decryption.
The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client
to send an encrypted pre-master secret to the server.
An attacker that had observed a genuine connection between a client and a server
could use this flaw to send trial messages to the server and record the time taken
to process them. After a sufficiently large number of messages the attacker could
recover the pre-master secret used for the original connection and thus be able to
decrypt the application data sent over that connection.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-398330.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-879734.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-625862.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-794697.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-203374.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-699386.html");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-264814.html");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20230207.txt");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- CVE-2022-4304: Disable the use of RSA ciphers in the web server configuration; note that RSA ciphers are disabled by
default.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens'
operational guidelines for Industrial Security. Additional information on Siemens Industrial Security can be found here.
For more information, see the associated Siemens security advisory SSA-203374 in HTML and CSAF.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-4304");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(203, 326);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1200_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware:2.9.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware:3.0.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_firmware:3.1.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-4c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-8c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm416-4c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1542sp-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1543sp-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_tm_mfp");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb205-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb205-3ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb213-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb213-3ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xb216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2g_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2g_poe_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2sfp_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2sfp_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2sfp_g_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc206-2sfp_g_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc208_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc208g_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc208g_eecfirmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc208g_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216-3g_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216-4c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216-4c_g_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216-4c_g_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc216eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc224-4c_g_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xc224-4c_g_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_dna_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_dna_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp208eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp208poe_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp216eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xp216poe_eec_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr324wg_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr326-2c_poe_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr328-4c_wg_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_xc206-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_xc206-2sfp_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_xc208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:siplus_net_scalance_xc216-4c_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:2.9.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:3.0.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:2.9.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:3.0.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200pro_firmware:2.9.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200pro_firmware:3.2.19");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200sp_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_et200sp_firmware:2.9.7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.2.19");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.3.19");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_w1750d_firmware" :
{"versionEndExcluding": "8.10.0.9", "family" : "SCALANCEW", "orderNumbers" : ["6GK5750-2HX01-1AD0","6GK5750-2HX01-1AA0","6GK5750-2HX01-1AB0"]},
"cpe:/o:siemens:simatic_s7-1200_firmware:-" :
{"family" : "S71200"},
"cpe:/o:siemens:simatic_s7-1500_firmware:-" :
{"family" : "S71500", "orderNumbers" : ["6ES7510-1SJ00-0AB0","6ES7510-1DJ00-0AB0","6ES7511-1AK00-0AB0","6ES7511-1FK00-0AB0","6ES7512-1SK00-0AB0","6ES7512-1DK00-0AB0","6ES7513-1AL00-0AB0","6ES7513-1FL00-0AB0","6ES7515-2AM00-0AB0","6ES7515-2FM00-0AB0","6ES7516-3AN00-0AB0","6ES7516-3FN00-0AB0","6AG1511-1AK00-2AB0","6AG1511-1FK00-2AB0","6AG1513-1AL00-2AB0","6AG1513-1FL00-2AB0","6AG1516-3AN00-2AB0","6AG1516-3AN00-7AB0","6AG1516-3FN00-2AB0"]},
"cpe:/o:siemens:simatic_s7-1500_firmware:2.9.7" :
{"family" : "S71500", "orderNumbers" : ["6ES7510-1SJ01-0AB0","6ES7510-1DJ01-0AB0","6ES7511-1AK01-0AB0","6ES7511-1AK02-0AB0","6ES7511-1CK00-0AB0","6ES7511-1CK01-0AB0","6ES7511-1FK01-0AB0","6ES7511-1FK02-0AB0","6ES7511-1TK01-0AB0","6ES7511-1UK01-0AB0","6ES7512-1CK00-0AB0","6ES7512-1CK01-0AB0","6ES7512-1SK01-0AB0","6ES7512-1DK01-0AB0","6ES7513-1AL01-0AB0","6ES7513-1AL02-0AB0","6ES7513-1FL01-0AB0","6ES7513-1FL02-0AB0","6ES7513-1RL00-0AB0","6ES7515-2AM01-0AB0","6ES7515-2AM02-0AB0","6ES7515-2FM01-0AB0","6ES7515-2FM02-0AB0","6ES7515-2RM00-0AB0","6ES7515-2TM01-0AB0","6ES7515-2UM01-0AB0","6ES7516-3AN01-0AB0","6ES7516-3AN02-0AB0","6ES7516-3FN01-0AB0","6ES7516-3FN02-0AB0","6ES7518-4AP00-3AB0","6ES7518-4FP00-3AB0","6AG1511-1AK01-2AB0","6AG1511-1AK01-7AB0","6AG1511-1AK02-2AB0","6AG1511-1AK02-7AB0","6AG2511-1AK01-1AB0","6AG2511-1AK02-1AB0","6AG2511-1AK01-4AB0","6AG2511-1AK02-4AB0","6AG1511-1FK01-2AB0","6AG1511-1FK02-2AB0","6AG1513-1AL01-2AB0","6AG1513-1AL01-7AB0","6AG1513-1AL02-2AB0","6AG1513-1AL02-7AB0","6AG1513-1FL01-2AB0","6AG1513-1FL02-2AB0","6AG1515-2FM01-2AB0","6AG1515-2FM02-2AB0","6AG2515-2FM02-4AB0","6AG2515-2FM01-2AB0","6AG1515-2RM00-7AB0","6AG2515-2RM00-4AB0","6AG1516-3AN01-2AB0","6AG1516-3AN01-7AB0","6AG1516-3AN02-2AB0","6AG1516-3AN02-7AB0","6AG2516-3AN02-4AB0","6AG2516-3AN01-4AB0","6AG1516-3FN01-2AB0","6AG1516-3FN02-2AB0","6AG2516-3FN02-2AB0","6AG2516-3FN02-4AB0"]},
"cpe:/o:siemens:simatic_s7-1500_firmware:3.0.3" :
{"family" : "S71500", "orderNumbers" : ["6ES7510-1SK03-0AB0","6ES7510-1DK03-0AB0","6ES7511-1AL03-0AB0","6ES7511-1FL03-0AB0","6ES7511-1TL03-0AB0","6ES7511-1UL03-0AB0","6ES7512-1SM03-0AB0","6ES7512-1DM03-0AB0","6ES7513-1AM03-0AB0","6ES7513-1FM03-0AB0","6ES7513-1RM03-0AB0","6ES7514-2SN03-0AB0","6ES7514-2DN03-0AB0","6ES7514-2WN03-0AB0","6ES7514-2VN03-0AB0","6ES7515-2AN03-0AB0","6ES7515-2FN03-0AB0","6ES7515-2RN03-0AB0","6ES7515-2TN03-0AB0","6ES7515-2UN03-0AB0","6ES7516-3AP03-0AB0","6ES7516-3FP03-0AB0","6ES7516-3TN00-0AB0","6ES7516-3UN00-0AB0","6ES7517-3AP00-0AB0","6ES7517-3FP00-0AB0","6ES7517-3HP00-0AB0","6ES7517-3TP00-0AB0","6ES7517-3UP00-0AB0","6ES7518-4AP00-0AB0","6ES7518-4AX00-1AB0","6ES7518-4FP00-0AB0","6ES7518-4FX00-1AB0","6ES7518-4JP00-0AB0","6ES7518-4TP00-0AB0","6ES7518-4UP00-0AB0","6AG1517-3HP00-4AB0","6AG1518-4AP00-4AB0","6AG1518-4AX00-4AC0","6AG1518-4FP00-4AB0","6AG1518-4JP00-4AB0"]},
"cpe:/o:siemens:simatic_s7-1500_firmware:3.1.0" :
{"family" : "S71500", "versionStartIncluding" : "3.1.0", "orderNumbers" : ["6ES7518-4AX00-1AB0","6ES7518-4AX00-1AC0","6ES7518-4FX00-1AB0","6ES7518-4FX00-1AC0","6AG1518-4AX00-4AC0"]},
"cpe:/o:siemens:scalance_xm408-4c_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5408-4GP00-2AM2", "6GK5408-4GQ00-2AM2"]},
"cpe:/o:siemens:scalance_xm408-8c_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5408-8GS00-2AM2", "6GK5408-8GR00-2AM2"]},
"cpe:/o:siemens:scalance_xm416-4c_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX400", "orderNumbers": ["6GK5416-4GS00-2AM2", "6GK5416-4GR00-2AM2"]},
"cpe:/o:siemens:scalance_xr524-8c_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5524-8GS00-3AR2", "6GK5524-8GR00-3AR2", "6GK5524-8GS00-4AR2", "6GK5524-8GR00-4AR2", "6GK5524-8GS00-2AR2", "6GK5524-8GR00-2AR2"]},
"cpe:/o:siemens:scalance_xr526-8c_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5526-8GS00-3AR2", "6GK5526-8GR00-3AR2", "6GK5526-8GR00-4AR2", "6GK5526-8GS00-4AR2", "6GK5526-8GS00-2AR2", "6GK5526-8GR00-2HR2"]},
"cpe:/o:siemens:scalance_xr528-6m_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5528-0AA00-2HR2", "6GK5528-0AR00-2HR2", "6GK5528-0AA00-2AR2", "6GK5528-0AR00-2AR2"]},
"cpe:/o:siemens:scalance_xr552-12m_firmware:-" :
{"versionEndExcluding" : "6.6.1", "family" : "SCALANCEX500", "orderNumbers": ["6GK5552-0AA00-2HR2", "6GK5552-0AR00-2HR2", "6GK5552-0AR00-2AR2", "6GK5552-0AA00-2AR2"]},
"cpe:/o:siemens:simatic_cp_1542sp-1_firmware" :
{"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7542-6UX00-0XE0"]},
"cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware" :
{"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7542-6VX00-0XE0"]},
"cpe:/o:siemens:simatic_cp_1543sp-1_firmware" :
{"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6GK7543-6WX00-0XE0"]},
"cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware" :
{"versionEndExcluding" : "2.3", "family" : "S71500", "orderNumbers" : ["6AG2542-6VX00-4XE0"]},
"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware" :
{"versionEndExcluding" : "2.3", "family" : "ET200", "orderNumbers" : ["6AG1543-6WX00-7XE0"]},
"cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware" :
{"versionEndExcluding" : "2.3", "family" : "ET200", "orderNumbers" : ["6AG2543-6WX00-4XE0"]},
"cpe:/o:siemens:simatic_s7-1500_tm_mfp" :
{"versionEndExcluding" : "1.1", "family" : "S71500", "orderNumbers": ["6ES7558-1AA00-0AB0"]},
"cpe:/o:siemens:scalance_xb205-3_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5205-3BB00-2AB2", "6GK5205-3BB00-2TB2", "6GK5205-3BD00-2TB2", "6GK5205-3BD00-2AB2"]},
"cpe:/o:siemens:scalance_xb205-3ld_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5205-3BF00-2TB2", "6GK5205-3BF00-2AB2"]},
"cpe:/o:siemens:scalance_xb208_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0BA00-2TB2", "6GK5208-0BA00-2AB2"]},
"cpe:/o:siemens:scalance_xb213-3_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5213-3BD00-2TB2", "6GK5213-3BD00-2AB2", "6GK5213-3BB00-2TB2", "6GK5213-3BB00-2AB2"]},
"cpe:/o:siemens:scalance_xb213-3ld_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5213-3BF00-2TB2", "6GK5213-3BF00-2AB2"]},
"cpe:/o:siemens:scalance_xb216_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0BA00-2TB2", "6GK5216-0BA00-2AB2"]},
"cpe:/o:siemens:scalance_xc206-2_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2BD00-2AC2", "6GK5206-2BB00-2AC2"]},
"cpe:/o:siemens:scalance_xc206-2g_poe_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2RS00-2AC2", "6GK5206-2RS00-5AC2"]},
"cpe:/o:siemens:scalance_xc206-2g_poe_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2RS00-5FC2"]},
"cpe:/o:siemens:scalance_xc206-2sfp_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2BS00-2AC2"]},
"cpe:/o:siemens:scalance_xc206-2sfp_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2BS00-2FC2"]},
"cpe:/o:siemens:scalance_xc206-2sfp_g_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2GS00-2AC2", "6GK5206-2GS00-2TC2"]},
"cpe:/o:siemens:scalance_xc206-2sfp_g_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5206-2GS00-2FC2"]},
"cpe:/o:siemens:scalance_xc208_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0BA00-2AC2"]},
"cpe:/o:siemens:scalance_xc208_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0BA00-2FC2"]},
"cpe:/o:siemens:scalance_xc208g_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0GA00-2TC2"]},
"cpe:/o:siemens:scalance_xc208g_eecfirmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0GA00-2FC2"]},
"cpe:/o:siemens:scalance_xc208g_poe_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0RA00-2AC2"]},
"cpe:/o:siemens:scalance_xc216_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0BA00-2AC2"]},
"cpe:/o:siemens:scalance_xc216-3g_poe_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-3RS00-2AC2", "6GK5216-3RS00-5AC2"]},
"cpe:/o:siemens:scalance_xc216-4c_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-4BS00-2AC2"]},
"cpe:/o:siemens:scalance_xc216-4c_g_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-4GS00-2AC2", "6GK5216-4GS00-2TC2"]},
"cpe:/o:siemens:scalance_xc216-4c_g_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-4GS00-2FC2"]},
"cpe:/o:siemens:scalance_xc216eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0BA00-2FC2"]},
"cpe:/o:siemens:scalance_xc224_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5224-0BA00-2AC2"]},
"cpe:/o:siemens:scalance_xc224-4c_g_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5224-4GS00-2AC2", "6GK5224-4GS00-2TC2"]},
"cpe:/o:siemens:scalance_xc224-4c_g_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5224-4GS00-2FC2"]},
"cpe:/o:siemens:scalance_xf204_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5204-0BA00-2GF2"]},
"cpe:/o:siemens:scalance_xf204_dna_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5204-0BA00-2YF2"]},
"cpe:/o:siemens:scalance_xf204-2ba_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5204-2AA00-2GF2"]},
"cpe:/o:siemens:scalance_xf204-2ba_dna_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5204-2AA00-2YF2"]},
"cpe:/o:siemens:scalance_xp208_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0HA00-2AS6", "6GK5208-0HA00-2TS6"]},
"cpe:/o:siemens:scalance_xp208eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0HA00-2ES6"]},
"cpe:/o:siemens:scalance_xp208poe_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5208-0UA00-5ES6"]},
"cpe:/o:siemens:scalance_xp216_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0HA00-2AS6", "6GK5216-0HA00-2TS6"]},
"cpe:/o:siemens:scalance_xp216eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0HA00-2ES6"]},
"cpe:/o:siemens:scalance_xp216poe_eec_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers": ["6GK5216-0UA00-5ES6"]},
"cpe:/o:siemens:scalance_xr324wg_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX300", "orderNumbers": ["6GK5324-0BA00-3AR3", "6GK5324-0BA00-2AR3"]},
"cpe:/o:siemens:scalance_xr326-2c_poe_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX300", "orderNumbers": ["6GK5326-2QS00-3AR3", "6GK5326-2QS00-3RR3"]},
"cpe:/o:siemens:scalance_xr328-4c_wg_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX300", "orderNumbers": ["6GK5328-4FS00-3AR3", "6GK5328-4FS00-3RR3", "6GK5328-4FS00-2AR3", "6GK5328-4FS00-2RR3", "6GK5328-4SS00-3AR3", "6GK5328-4SS00-2AR3"]},
"cpe:/o:siemens:scalance_xr524-8c_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX500", "orderNumbers": ["6GK5524-8GS00-3AR2", "6GK5524-8GR00-3AR2", "6GK5524-8GS00-4AR2", "6GK5524-8GR00-4AR2", "6GK5524-8GS00-2AR2", "6GK5524-8GR00-2AR2"]},
"cpe:/o:siemens:scalance_xr526-8c_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX500", "orderNumbers": ["6GK5526-8GS00-3AR2", "6GK5526-8GR00-3AR2", "6GK5526-8GR00-4AR2", "6GK5526-8GS00-4AR2", "6GK5526-8GS00-2AR2", "6GK5526-8GR00-2HR2"]},
"cpe:/o:siemens:scalance_xr528-6m_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX500", "orderNumbers": ["6GK5528-0AA00-2HR2", "6GK5528-0AR00-2HR2", "6GK5528-0AA00-2AR2", "6GK5528-0AR00-2AR2"]},
"cpe:/o:siemens:scalance_xr552-12m_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX500", "orderNumbers": ["6GK5552-0AA00-2HR2", "6GK5552-0AR00-2HR2", "6GK5552-0AR00-2AR2", "6GK5552-0AA00-2AR2"]},
"cpe:/o:siemens:siplus_net_scalance_xc206-2_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers" : ["6AG1206-2BB00-7AC2"]},
"cpe:/o:siemens:siplus_net_scalance_xc206-2sfp_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers" : ["6AG1206-2BS00-7AC2"]},
"cpe:/o:siemens:siplus_net_scalance_xc208_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers" : ["6AG1208-0BA00-7AC2"]},
"cpe:/o:siemens:siplus_net_scalance_xc216-4c_firmware" :
{"versionEndExcluding" : "4.5", "family" : "SCALANCEX200", "orderNumbers" : ["6AG1216-4BS00-7AC2"]},
"cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:2.9.7" :
{"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7615-4DF10-0AB0"]},
"cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:3.0.3" :
{"versionStartIncluding" : "3.0.1", "versionEndExcluding" : "3.0.3", "family" : "S71500", "orderNumbers" : ["6ES7615-4DF10-0AB0"]},
"cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:2.9.7" :
{"versionEndExcluding" : "2.9.7", "family" : "S71500", "orderNumbers" : ["6ES7615-7DF10-0AB0"]},
"cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:3.0.3" :
{"versionStartIncluding" : "3.0.1", "versionEndExcluding" : "3.0.3", "family" : "S71500", "orderNumbers" : ["6ES7615-7DF10-0AB0"]},
"cpe:/o:siemens:simatic_et200pro_firmware:2.9.7" :
{"versionEndExcluding" : "2.9.7", "family" : "ET200", "orderNumbers" : ["6ES7513-2GL00-0AB0","6ES7513-2PL00-0AB0","6ES7516-2GN00-0AB0","6ES7516-2PN00-0AB0"]},
"cpe:/o:siemens:simatic_et200pro_firmware:3.2.19" :
{"versionEndExcluding" : "3.2.19", "family" : "ET200", "orderNumbers" : ["6ES7154-8AB01-0AB0","6ES7154-8FB01-0AB0","6ES7154-8FX00-0AB0","6ES7151-8AB01-0AB0","6ES7151-8FB01-0AB0","6AG1151-8AB01-7AB0","6AG1151-8FB01-2AB0"]},
"cpe:/o:siemens:simatic_et200sp_firmware:-" :
{"family" : "ET200SP", "orderNumbers" : ["6AG1512-1SK00-2AB0"]},
"cpe:/o:siemens:simatic_et200sp_firmware:2.9.7" :
{"versionEndExcluding" : "2.9.7", "family" : "ET200SP", "orderNumbers" : ["6AG1510-1SJ01-2AB0","6AG2510-1SJ01-1AB0","6AG1510-1DJ01-2AB0","6AG1510-1DJ01-7AB0","6AG2510-1DJ01-1AB0","6AG2510-1DJ01-4AB0","6AG1512-1SK01-2AB0","6AG1512-1SK01-7AB0","6AG2512-1SK01-1AB0","6AG2512-1SK01-4AB0","6AG1512-1DK01-2AB0","6AG1512-1DK01-7AB0","6AG2512-1DK01-1AB0","6AG2512-1DK01-4AB0"]},
"cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.2.19" :
{"family" : "S7300", "orderNumbers" : ["6ES7315-2EH14-0AB0","6ES7315-2FJ14-0AB0","6ES7315-7TJ10-0AB0","6ES7317-2EK14-0AB0","6ES7317-2FK14-0AB0","6ES7317-7TK10-0AB0","6ES7317-7UL10-0AB0","6ES7318-3EL01-0AB0","6ES7318-3FL01-0AB0","6AG1315-2EH14-7AB0","6AG1315-2FJ14-2AB0","6AG1317-2EK14-7AB0","6AG1317-2FK14-2AB0"]},
"cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.3.19" :
{"family" : "S7300", "orderNumbers" : ["6ES7314-6EH04-0AB0","6AG1314-6EH04-7AB0"]}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
cert-portal.siemens.com/productcert/html/ssa-203374.html
cert-portal.siemens.com/productcert/html/ssa-264814.html
cert-portal.siemens.com/productcert/html/ssa-398330.html
cert-portal.siemens.com/productcert/html/ssa-625862.html
cert-portal.siemens.com/productcert/html/ssa-699386.html
cert-portal.siemens.com/productcert/html/ssa-794697.html
cert-portal.siemens.com/productcert/html/ssa-879734.html
www.cisa.gov/news-events/ics-advisories/icsa-23-075-04
www.cisa.gov/news-events/ics-advisories/icsa-24-165-10
www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
www.openssl.org/news/secadv/20230207.txt
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
55.2%