Detections
Analytics
Siemens OpenSSL in Industrial Products (CVE-2021-3449)
medium Tenable OT Security Plugin ID 500504
Synopsis
The remote OT asset is affected by a vulnerability.Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has released updates for several affected products and recommends updating to the latest versions available.
Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available. Please see Siemens SSA-772220 to determine if there is an update available.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens.
Additional Reference: SSA-772220 (PDF)
Additional Reference: SSA-772220 (TXT)
Additional Reference: SSA-772220 (CSAF)
See Also
https://www.tenable.com/security/tns-2021-09
https://security.netapp.com/advisory/ntap-20210513-0002/
https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-05
https://www.tenable.com/security/tns-2021-10
https://www.oracle.com/security-alerts/cpuApr2021.html
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.nessus.org/u?6aafb4b2
https://www.openssl.org/news/secadv/20210325.txt
http://www.nessus.org/u?8a21cd9d
https://www.debian.org/security/2021/dsa-4875
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://security.gentoo.org/glsa/202103-03
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-05
http://www.nessus.org/u?9e6d325e
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
Plugin Details
Severity: Medium
ID: 500504
Version: 1.9
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 12/12/2023
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2021-3449
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:ruggedcom_rcm1224_firmware, cpe:/o:siemens:scalance_lpe9403_firmware, cpe:/o:siemens:scalance_m-800_firmware, cpe:/o:siemens:scalance_s602_firmware, cpe:/o:siemens:scalance_s612_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:scalance_s623_firmware, cpe:/o:siemens:scalance_s627-2m_firmware, cpe:/o:siemens:scalance_sc-600_firmware, cpe:/o:siemens:scalance_w1700_firmware, cpe:/o:siemens:scalance_w700_firmware, cpe:/o:siemens:scalance_xb-200_firmware, cpe:/o:siemens:scalance_xc-200_firmware, cpe:/o:siemens:scalance_xf-200ba_firmware, cpe:/o:siemens:scalance_xm-400_firmware, cpe:/o:siemens:scalance_xp-200_firmware, cpe:/o:siemens:scalance_xr-300wg_firmware, cpe:/o:siemens:scalance_xr524-8c_firmware, cpe:/o:siemens:scalance_xr526-8c_firmware, cpe:/o:siemens:scalance_xr528-6m_firmware, cpe:/o:siemens:scalance_xr552-12_firmware, cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware, cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-, cpe:/o:siemens:simatic_net_cp1243-7_lte_eu_firmware, cpe:/o:siemens:simatic_net_cp1243-7_lte_us_firmware, cpe:/o:siemens:simatic_net_cp_1243-1_firmware, cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware, cpe:/o:siemens:simatic_net_cp_1543-1_firmware, cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware, cpe:/o:siemens:simatic_net_cp_1545-1_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/25/2021
Vulnerability Publication Date: 3/25/2021
Reference Information
CVE: CVE-2021-3449