Siemens PROFINET Devices Allocation of Resources Without Limits or Throttling (CVE-2020-28400)

high Tenable OT Security Plugin ID 500533

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large number of DCP reset packets is sent to the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has provided remediations for the following affected products:

- SCALANCE X300 switch family: Update to v4.1.4.3 or later version
- SCALANCE X408 (incl. SIPLUS Net variants): Update to v4.1.4.3 or later version
- SCALANCE W-1700 family: Update to v3.0.0 or later version

- SIMATIC NET CM 1542-1, All versions prior to v3.0: Update to v3.0 or later version
- SCALANCE X204-2 (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X204-2FM, All versions: Update to v5.2.5 or later version
- SCALANCE X204-2LD (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X204-2LD TS, All versions: Update to v5.2.5 or later version
- SCALANCE X204-2TS, All versions: Update to v5.2.5 or later version
- SCALANCE X206-1, All versions: Update to v5.2.5 or later version
- SCALANCE X206-1LD (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X208 (incl. SIPLUS NET variant), All versions: Update to v5.2.5 or later version
- SCALANCE X208PRO, All versions: Update to v5.2.5 or later version
- SCALANCE X212-2, All versions: Update to v5.2.5 or later version
- SCALANCE X212-2LD, All versions: Update to v5.2.5 or later version
- SCALANCE X216, All versions: Update to v5.2.5 or later version
- SCALANCE X224, All versions: Update to v5.2.5 or later version
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: Update to v4.7 or later version
- SCALANCE XR-300WG, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XB-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XP-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XC-200, All versions prior to v4.3: Update to v4.3 or later version
- SCALANCE XF-200BA, All versions prior to v4.3: Update to v4.3 or later version
- RUGGEDCOM RM1224, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE M-800, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE S615, All versions prior to v6.4: Update to v6.4 or later version
- SCALANCE X200-4 P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X201-3P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X201-3P IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2P IRT (incl. SIPLUS NET variant), All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X202-2P IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X204 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE X204 IRT PRO, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF201-3P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF202-2P IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF204 IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XF204-2BA IRT, All versions prior to v5.5.0: Update to v5.5.0 or later version
- SCALANCE XM400, All versions prior to v6.3.1: Update to v6.3.1 or later version
- SCALANCE XR500, All versions prior to v6.3.1: Update to v6.3.1 or later version
- SIMATIC MV500 family, All versions prior to v3.0: Update to v3.0 or later version
- SIMATIC S7-1200 CPU family (incl. SIPLUS variants), All versions prior to v4.5: Update to v4.5 or later version
- SIMOCODE proV Ethernet/IP, All versions prior to v1.1.3: Update to v1.1.3 or later version
- SIMOCODE proV PROFINET, All versions prior to v2.1.3: Update to v2.1.3 or later version

Siemens has also identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Block incoming PROFINET Discovery and Configuration Protocol (DCP) packets (Ethertype 0x8892, Frame-ID: 0xfefe) from untrusted networks.
- Disable PROFINET in products, where PROFINET is optional and not used in the environment.
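
To verify that the first workaround is effective, a monitoring point can classify frames by the Ethertype and Frame-ID given above and count them per source. The following is an added example, not part of the Siemens or CISA text: the function names, the sample frames and the threshold are assumptions made for illustration, and the advisory itself gives no packet rate.

```python
import struct
from collections import Counter

ETH_PROFINET = 0x8892           # Ethertype named in the advisory
FRAME_ID = 0xFEFE               # Frame-ID named in the advisory
VLAN_TPIDS = {0x8100, 0x88A8}   # 802.1Q / 802.1ad tags that can precede the Ethertype

def match_dcp(frame: bytes):
    """Return the source MAC if the frame matches the advisory's filter, else None."""
    if len(frame) < 14:
        return None
    offset = 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TPIDS:              # skip VLAN tags so tagged frames are not missed
        offset += 4
        if len(frame) < offset + 2:
            return None
        (etype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if etype != ETH_PROFINET or len(frame) < offset + 2:
        return None
    (frame_id,) = struct.unpack_from("!H", frame, offset)
    return frame[6:12].hex(":") if frame_id == FRAME_ID else None

def flood_sources(frames, threshold):
    """Count matching frames per source MAC in one capture window; return sources at or above threshold."""
    counts = Counter(mac for mac in map(match_dcp, frames) if mac)
    return {mac: n for mac, n in counts.items() if n >= threshold}

def _frame(src_hex, body_hex, vlan=False):
    """Build a constructed test frame: dst MAC + src MAC + optional 802.1Q tag + Ethertype/payload."""
    tag = bytes.fromhex("8100c000") if vlan else b""
    return bytes.fromhex("010ecf000000") + bytes.fromhex(src_hex) + tag + bytes.fromhex(body_hex)

# Constructed sample window (not captured traffic).
SAMPLE = (
    [_frame("020000000001", "8892fefe0500")] * 5
    + [_frame("020000000001", "8892fefe0500", vlan=True)]
    + [_frame("020000000002", "8892fefe0500")]
    + [_frame("020000000003", "889280000000")] * 10
    + [_frame("020000000004", "08004500")] * 10
)

if __name__ == "__main__":
    print(flood_sources(SAMPLE, threshold=5))
```

Any source this reports on a segment that should be filtered indicates the block is not in place for that path; the VLAN handling matters because a filter that only inspects the untagged Ethertype offset will miss tagged frames.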

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security and following the recommendations in the product manuals.

Additional information on Industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this vulnerability and the associated remediations, please see Siemens publication number SSA-599968.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03

Plugin Details

Severity: High

ID: 500533

Version: 1.11

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-28400

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_xc-200_firmware, cpe:/o:siemens:scalance_xf-200ba_firmware, cpe:/o:siemens:scalance_xf201-3p_irt_firmware, cpe:/o:siemens:scalance_xf202-2p_irt_firmware, cpe:/o:siemens:scalance_xf204-2_firmware, cpe:/o:siemens:scalance_xf204-2ba_irt_firmware, cpe:/o:siemens:scalance_xf204_firmware, cpe:/o:siemens:scalance_xf204_irt_firmware, cpe:/o:siemens:scalance_xf206-1_firmware, cpe:/o:siemens:scalance_xf208_firmware, cpe:/o:siemens:scalance_xm400_firmware, cpe:/o:siemens:scalance_xp-200_firmware, cpe:/o:siemens:scalance_xr-300wg_firmware, cpe:/o:siemens:scalance_xr324-12m_firmware, cpe:/o:siemens:scalance_xr324-12m_ts_firmware, cpe:/o:siemens:scalance_xr324-4m_eec_firmware, cpe:/o:siemens:scalance_xr324-4m_poe_firmware, cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware, cpe:/o:siemens:scalance_xr500_firmware, cpe:/o:siemens:ruggedcom_rm1224_firmware, cpe:/o:siemens:scalance_m-800_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:scalance_w1700_firmware, cpe:/o:siemens:scalance_w700_firmware, cpe:/o:siemens:scalance_x200-4_p_irt_firmware, cpe:/o:siemens:scalance_x201-3p_irt_firmware, cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware, cpe:/o:siemens:scalance_x202-2_irt_firmware, cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware, cpe:/o:siemens:scalance_x204-2_firmware, cpe:/o:siemens:scalance_x204-2fm_firmware, cpe:/o:siemens:scalance_x204-2ld_firmware, cpe:/o:siemens:scalance_x204-2ld_ts_firmware, cpe:/o:siemens:scalance_x204-2ts_firmware, cpe:/o:siemens:scalance_x204_irt_firmware, cpe:/o:siemens:scalance_x204_irt_pro_firmware, cpe:/o:siemens:scalance_x206-1_firmware, cpe:/o:siemens:scalance_x206-1ld_firmware, cpe:/o:siemens:scalance_x208_firmware, cpe:/o:siemens:scalance_x208pro_firmware, cpe:/o:siemens:scalance_x212-2_firmware, cpe:/o:siemens:scalance_x212-2ld_firmware, cpe:/o:siemens:scalance_x216_firmware, cpe:/o:siemens:scalance_x224_firmware, cpe:/o:siemens:scalance_x302-7eec_firmware, cpe:/o:siemens:scalance_x304-2fe_firmware, 
cpe:/o:siemens:scalance_x306-1ldfe_firmware, cpe:/o:siemens:scalance_x307-2eec_firmware, cpe:/o:siemens:scalance_x307-3_firmware, cpe:/o:siemens:scalance_x307-3ld_firmware, cpe:/o:siemens:scalance_x308-2_firmware, cpe:/o:siemens:scalance_x308-2ld_firmware, cpe:/o:siemens:scalance_x308-2lh%2b_firmware, cpe:/o:siemens:scalance_x308-2lh_firmware, cpe:/o:siemens:scalance_x308-2m_firmware, cpe:/o:siemens:scalance_x308-2m_poe_firmware, cpe:/o:siemens:scalance_x308-2m_ts_firmware, cpe:/o:siemens:scalance_x310_firmware, cpe:/o:siemens:scalance_x310fe_firmware, cpe:/o:siemens:scalance_x320-1fe_firmware, cpe:/o:siemens:scalance_x320-3ldfe_firmware, cpe:/o:siemens:scalance_xb-200_firmware, cpe:/o:siemens:simatic_s7-1200_firmware, cpe:/o:siemens:simatic_net_cm_1542-1_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/13/2021

Vulnerability Publication Date: 7/13/2021

Reference Information

CVE: CVE-2020-28400

CWE: 770