CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).
Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501998);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");
script_cve_id("CVE-2023-37195");
script_name(english:"Siemens SIMATIC CP Products Uncontrolled Resource Consumption (CVE-2023-37195)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SIMATIC CP 1604 (All versions),
SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions),
SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions).
Affected devices insufficiently control continuous mapping of direct
memory access (DMA) requests. This could allow local attackers with
administrative privileges to cause a denial of service situation on
the host. A physical power cycle is required to get the system working
again.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-37195");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1604_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1616_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1623_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1626_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_cp_1628_firmware:-");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:simatic_cp_1604_firmware:-" :
{"family" : "NETCP1600", "orderNumbers" : ["6GK1160-4AA01"]},
"cpe:/o:siemens:simatic_cp_1616_firmware:-" :
{"family" : "NETCP1600", "orderNumbers" : ["6GK1161-6AA02"]},
"cpe:/o:siemens:simatic_cp_1623_firmware:-" :
{"family" : "NETCP1600", "orderNumbers" : ["6GK1162-3AA00"]},
"cpe:/o:siemens:simatic_cp_1626_firmware:-" :
{"family" : "NETCP1600", "orderNumbers" : ["6GK1162-6AA01"]},
"cpe:/o:siemens:simatic_cp_1628_firmware:-" :
{"family" : "NETCP1600", "orderNumbers" : ["6GK1162-8AA00"]}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%