Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer

high Tenable.ot Plugin ID 500424

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Solution

Refer to the vendor advisory for security updates.

See Also

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/59347

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

http://www.kerio.com/support/kerio-control/release-history

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

https://filezilla-project.org/versions.php?type=server

http://advisories.mageia.org/MGASA-2014-0165.html

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://cogentdatahub.com/ReleaseNotes.html

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

http://heartbleed.com/

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

http://marc.info/?l=bugtraq&m=139722163017074&w=2

http://marc.info/?l=bugtraq&m=139757726426985&w=2

http://marc.info/?l=bugtraq&m=139757819327350&w=2

http://marc.info/?l=bugtraq&m=139757919027752&w=2

http://marc.info/?l=bugtraq&m=139758572430452&w=2

http://marc.info/?l=bugtraq&m=139765756720506&w=2

http://marc.info/?l=bugtraq&m=139774054614965&w=2

http://marc.info/?l=bugtraq&m=139774703817488&w=2

http://marc.info/?l=bugtraq&m=139808058921905&w=2

http://marc.info/?l=bugtraq&m=139817685517037&w=2

http://marc.info/?l=bugtraq&m=139817727317190&w=2

http://marc.info/?l=bugtraq&m=139817782017443&w=2

http://marc.info/?l=bugtraq&m=139824923705461&w=2

http://marc.info/?l=bugtraq&m=139824993005633&w=2

http://marc.info/?l=bugtraq&m=139833395230364&w=2

http://marc.info/?l=bugtraq&m=139835815211508&w=2

http://marc.info/?l=bugtraq&m=139835844111589&w=2

http://marc.info/?l=bugtraq&m=139836085512508&w=2

http://marc.info/?l=bugtraq&m=139842151128341&w=2

http://marc.info/?l=bugtraq&m=139843768401936&w=2

http://marc.info/?l=bugtraq&m=139869720529462&w=2

http://marc.info/?l=bugtraq&m=139869891830365&w=2

http://marc.info/?l=bugtraq&m=139889113431619&w=2

http://marc.info/?l=bugtraq&m=139889295732144&w=2

http://marc.info/?l=bugtraq&m=139905202427693&w=2

http://marc.info/?l=bugtraq&m=139905243827825&w=2

http://marc.info/?l=bugtraq&m=139905295427946&w=2

http://marc.info/?l=bugtraq&m=139905351928096&w=2

http://marc.info/?l=bugtraq&m=139905405728262&w=2

http://marc.info/?l=bugtraq&m=139905458328378&w=2

http://marc.info/?l=bugtraq&m=139905653828999&w=2

http://marc.info/?l=bugtraq&m=139905868529690&w=2

http://marc.info/?l=bugtraq&m=140015787404650&w=2

http://marc.info/?l=bugtraq&m=140075368411126&w=2

http://marc.info/?l=bugtraq&m=140724451518351&w=2

http://marc.info/?l=bugtraq&m=141287864628122&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

http://rhn.redhat.com/errata/RHSA-2014-0376.html

http://rhn.redhat.com/errata/RHSA-2014-0377.html

http://rhn.redhat.com/errata/RHSA-2014-0378.html

http://rhn.redhat.com/errata/RHSA-2014-0396.html

http://seclists.org/fulldisclosure/2014/Apr/109

http://seclists.org/fulldisclosure/2014/Apr/173

http://seclists.org/fulldisclosure/2014/Apr/190

http://seclists.org/fulldisclosure/2014/Apr/90

http://seclists.org/fulldisclosure/2014/Apr/91

http://secunia.com/advisories/57347

http://secunia.com/advisories/57483

http://secunia.com/advisories/57721

http://secunia.com/advisories/57836

http://secunia.com/advisories/57966

http://secunia.com/advisories/57968

http://secunia.com/advisories/59139

http://secunia.com/advisories/59243

http://support.citrix.com/article/CTX140605

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

http://www.blackberry.com/btsc/KB35882

http://www.debian.org/security/2014/dsa-2896

http://www.exploit-db.com/exploits/32745

http://www.exploit-db.com/exploits/32764

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

http://www.kb.cert.org/vuls/id/720951

http://www.openssl.org/news/secadv_20140407.txt

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

http://www.securityfocus.com/bid/66690

http://www.securitytracker.com/id/1030026

http://www.securitytracker.com/id/1030074

http://www.securitytracker.com/id/1030077

http://www.securitytracker.com/id/1030078

http://www.securitytracker.com/id/1030079

http://www.securitytracker.com/id/1030080

http://www.securitytracker.com/id/1030081

http://www.securitytracker.com/id/1030082

http://www.splunk.com/view/SP-CAAAMB3

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

http://www.ubuntu.com/usn/USN-2165-1

http://www.us-cert.gov/ncas/alerts/TA14-098A

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

https://code.google.com/p/mod-spdy/issues/detail?id=85

https://gist.github.com/chapmajs/10473815

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

https://www.cert.fi/en/reports/2014/vulnerability788210.html

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Plugin Details

Severity: High

ID: 500424

Version: 1.0

Type: local

Family: SCADA

Published: 8/10/2021

Updated: 8/10/2021

Risk Information

CVSS Score Source: CVE-2014-0160

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*, cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*, cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*, cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*, cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*, cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*, cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*, cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*, cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*, cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*, cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*, cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*, cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*, cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*, cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*, 
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*, cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*, cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*, cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*, cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*, cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*, cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*, cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*, cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*, cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*, cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*, cpe:2.3:o:redhat:virtualization:6.0:*:*:*:*:*:*:*, cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*, cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*, cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*, cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*

Patch Publication Date: 4/7/2014

Vulnerability Publication Date: 4/7/2014

Reference Information

CVE: CVE-2014-0160