Siemens SIMATIC NET CP 443-1 OPC UA Improper Input Validation (CVE-2016-9042)

Severity: Medium. Tenable OT Security Plugin ID 501098

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will then fail the origin timestamp check (TEST2), causing the replies to be dropped and creating a denial of service condition.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default.
- Configure an additional firewall to prevent communication to Port UDP/123 of an affected device.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the product manual.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this issue, please see Siemens security advisory SSA-211752.

See Also

http://www.nessus.org/u?39eeaa66

https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc

http://www.securitytracker.com/id/1039427

http://www.securitytracker.com/id/1038123

http://www.securityfocus.com/bid/97046

http://www.nessus.org/u?547120eb

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

https://kc.mcafee.com/corporate/index?page=content&id=SB10201

http://seclists.org/fulldisclosure/2017/Nov/7

http://seclists.org/fulldisclosure/2017/Sep/62

https://support.f5.com/csp/article/K39041624

http://www.securityfocus.com/archive/1/540403/100/0/threaded

https://bto.bluecoat.com/security-advisory/sa147

http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded

http://www.nessus.org/u?8c049474

http://www.nessus.org/u?465d82c2

http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded

http://www.nessus.org/u?0d2e6e6d

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

http://www.ubuntu.com/usn/USN-3349-1

https://support.apple.com/kb/HT208144

Plugin Details

Severity: Medium

ID: 501098

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 5/2/2023

Updated: 7/24/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2016-9042

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_443-1_opc_ua_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2018

Vulnerability Publication Date: 6/4/2018

Reference Information

CVE: CVE-2016-9042

CWE: 20

FEDORA: FEDORA-2017-20d54b2782

FREEBSD: FreeBSD-SA-17:03

USN: USN-3349-1