Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer

critical Tenable.ot Plugin ID 500484
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Solution

Refer to vendor advisory for Security Updates

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf

Plugin Details

Severity: Critical

ID: 500484

Version: 1.0

Type: local

Family: SCADA

Published: 8/10/2021

Updated: 8/10/2021

Risk Information

CVSS Score Source: CVE-2020-15782

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:*:*:*:*:*:*:*:*, cpe:2.3:a:siemens:simatic_s7-1500__software_controller:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:s7-1200_cpu_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:s7-1500_cpu_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:simatic_driver_controller_firmware:*:*:*:*:*:*:*:*

Patch Publication Date: 5/28/2021

Vulnerability Publication Date: 5/28/2021

Reference Information

CVE: CVE-2020-15782