Detections
Analytics
Siemens SCALANCE, SIMATIC S7-1500 Generation of Error Message Containing Sensitive Information (CVE-2018-12886)
high Tenable OT Security Plugin ID 504085
Synopsis
The remote OT asset is affected by a vulnerability.Description
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector,-fstack-protector-all, -fstack-protector-strong, and -fstack- protector-explicit against stack overflow by controlling what the stack canary is compared against.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.For Scalance devices, Siemens recommends updating the software to v2.0 or later.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' operational guidelines for Industrial Security and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the Siemens webpage for Industrial Security.
For further inquiries on security vulnerabilities in Siemens products and solutions, users should contact the Siemens ProductCERT.
For more information, see the associated Siemens security advisory SSA-565386 in HTML and CSAF.
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-565386.pdf
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://support.industry.siemens.com/cs/ww/en/view/109815650/
https://support.industry.siemens.com/cs/ww/en/view/109478459/
https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-07
Plugin Details
Severity: High
ID: 504085
File Name: tenable_ot_siemens_CVE-2018-12886.nasl
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 11/13/2025
Updated: 3/5/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:scalance_wam766-1_%28eu%29_firmware:2.0, cpe:/o:siemens:scalance_wam766-1_%28us%29_firmware:2.0, cpe:/o:siemens:scalance_wam763-1_firmware:2.0, cpe:/o:siemens:simatic_s7-1500_cpu_firmware:3.1.5, cpe:/o:siemens:scalance_wum766-1_%28us%29_firmware:2.0, cpe:/o:siemens:scalance_wam766-1_eec_%28us%29_firmware:2.0, cpe:/o:siemens:scalance_wum763-1_firmware:2.0, cpe:/o:siemens:scalance_wam766-1_eec_%28eu%29_firmware:2.0, cpe:/o:siemens:scalance_wum766-1_%28eu%29_firmware:2.0, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:3.1.5
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 3/14/2023
Vulnerability Publication Date: 3/14/2023
Reference Information
CVE: CVE-2018-12886
CWE: 209
ICSA: 23-080-07