Detections
Analytics
Siemens SIPROTEC 5 Devices Uncontrolled Resource Consumption (CVE-2022-45044)
medium Tenable OT Security Plugin ID 500719
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- Restrict access to ports 443/TCP and 4443/TCP to trusted only IP addresses.
Operators of critical power systems worldwide are usually required by regulations to build resilience into power grids by applying multi-level redundant secondary protection schemes. Therefore, Siemens recommends operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update prior to application, and supervision by trained staff of the update process in the target environment.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and to follow the recommendations in the product manuals. For more information, see the associated Siemens security advisory SSA-408105 in HTML and CSAF.
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-11
Plugin Details
Severity: Medium
ID: 500719
Version: 1.7
Type: remote
Family: Tenable.ot
Published: 1/5/2023
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2022-45044
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:siprotec_5_6md85_firmware:-, cpe:/o:siemens:siprotec_5_6md86_firmware:-, cpe:/o:siemens:siprotec_5_6md89_firmware:-, cpe:/o:siemens:siprotec_5_6mu85_firmware:-, cpe:/o:siemens:siprotec_5_7ke85_firmware:-, cpe:/o:siemens:siprotec_5_7sa82_firmware:-, cpe:/o:siemens:siprotec_5_7sa86_firmware:-, cpe:/o:siemens:siprotec_5_7sa87_firmware:-, cpe:/o:siemens:siprotec_5_7sd82_firmware:-, cpe:/o:siemens:siprotec_5_7sd86_firmware:-, cpe:/o:siemens:siprotec_5_7sd87_firmware:-, cpe:/o:siemens:siprotec_5_7sj81_firmware:-, cpe:/o:siemens:siprotec_5_7sj82_firmware:-, cpe:/o:siemens:siprotec_5_7sj85_firmware:-, cpe:/o:siemens:siprotec_5_7sj86_firmware:-, cpe:/o:siemens:siprotec_5_7sk82_firmware:-, cpe:/o:siemens:siprotec_5_7sk85_firmware:-, cpe:/o:siemens:siprotec_5_7sl82_firmware:-, cpe:/o:siemens:siprotec_5_7sl86_firmware:-, cpe:/o:siemens:siprotec_5_7sl87_firmware:-, cpe:/o:siemens:siprotec_5_7ss85_firmware:-, cpe:/o:siemens:siprotec_5_7st85_firmware:-, cpe:/o:siemens:siprotec_5_7sx85_firmware:-, cpe:/o:siemens:siprotec_5_7um85_firmware:-, cpe:/o:siemens:siprotec_5_7ut82_firmware:-, cpe:/o:siemens:siprotec_5_7ut85_firmware:-, cpe:/o:siemens:siprotec_5_7ut86_firmware:-, cpe:/o:siemens:siprotec_5_7ut87_firmware:-, cpe:/o:siemens:siprotec_5_7ve85_firmware:-, cpe:/o:siemens:siprotec_5_7vk87_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethba2el_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-, cpe:/o:siemens:siprotec_5_compact_7sx800_firmware:-
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 12/13/2022
Vulnerability Publication Date: 12/13/2022
Reference Information
CVE: CVE-2022-45044
CWE: 400