Detections
Analytics

Siemens SCALANCE XM-400 and XR-500 Devices Incorrect Calculation (CVE-2020-28393)

high Tenable OT Security Plugin ID 500900

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated remote attacker could create a permanent denial-of- service condition by sending specially crafted OSPF packets.
Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates where available:

- SCALANCE XM-400 Family: Update to v6.4 or later
- SCALANCE XR-500 Family: Update to v6.4 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Disable OSPF in layer 3 configuration menu (note OSPF is disabled by default). This vulnerability is not exploitable, when OSPF is disabled.
- If OSPF is used, set a password for the OSPF interface and enable MD5 authentication.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-116379

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-10

Plugin Details

Severity: High

ID: 500900

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 3/27/2023

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-28393

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_xm-400_series_firmware, cpe:/o:siemens:scalance_xr-500_series_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 5/12/2021

Vulnerability Publication Date: 5/12/2021

Reference Information

CVE: CVE-2020-28393

CWE: 682