Detections
Analytics

Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)

high Tenable OT Security Plugin ID 500676

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests.
This could allow an unauthenticated remote attacker to crash affected devices.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends updating to the latest version of its software if available:

- The products listed are only affected up to v5.2.6. Update to v5.2.6 or later

Siemens has identified the following specific workarounds and mitigations that customers can implement to reduce exploitation risk:

- Restrict access to the affected systems, especially on port 80/TCP and port 443/TCP, to trusted IP addresses
- Deactivate the webserver if not required and if deactivation is supported by the product

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ Operational Guidelines for Industrial Security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see Siemens Security Advisory SSA-310038.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-01

Plugin Details

Severity: High

ID: 500676

Version: 1.10

Type: remote

Family: Tenable.ot

Published: 7/21/2022

Updated: 4/11/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-26648

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.1

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x200-4p_irt_firmware, cpe:/o:siemens:scalance_x201-3p_irt_firmware, cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware, cpe:/o:siemens:scalance_x202-2irt_firmware, cpe:/o:siemens:scalance_x202-2p_irt_firmware, cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware, cpe:/o:siemens:scalance_x204-2_firmware, cpe:/o:siemens:scalance_x204-2fm_firmware, cpe:/o:siemens:scalance_x204-2ld_firmware, cpe:/o:siemens:scalance_x204-2ld_ts_firmware, cpe:/o:siemens:scalance_x204-2ts_firmware, cpe:/o:siemens:scalance_x204irt_firmware, cpe:/o:siemens:scalance_x204irt_pro_firmware, cpe:/o:siemens:scalance_x206-1_firmware, cpe:/o:siemens:scalance_x206-1ld_firmware, cpe:/o:siemens:scalance_x208_firmware, cpe:/o:siemens:scalance_x208_pro_firmware, cpe:/o:siemens:scalance_x212-2_firmware, cpe:/o:siemens:scalance_x212-2ld_firmware, cpe:/o:siemens:scalance_x216_firmware, cpe:/o:siemens:scalance_x224_firmware, cpe:/o:siemens:scalance_xf201-3p_irt_firmware, cpe:/o:siemens:scalance_xf202-2p_irt_firmware, cpe:/o:siemens:scalance_xf204-2_firmware, cpe:/o:siemens:scalance_xf204-2ba_irt_firmware, cpe:/o:siemens:scalance_xf204_firmware, cpe:/o:siemens:scalance_xf204irt_firmware, cpe:/o:siemens:scalance_xf206-1_firmware, cpe:/o:siemens:scalance_xf208_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/12/2022

Vulnerability Publication Date: 7/12/2022

Reference Information

CVE: CVE-2022-26648

CWE: 120