Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)

Severity: High | Tenable OT Security Plugin ID: 500995

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates, where available:

- RUGGEDCOM RM 1224: Update to v6.1
- RUGGEDCOM ROX II: Update to v2.13.3
- SCALANCE M-800 family: Update to v6.1
- SCALANCE S615: Update to v6.1
- SCALANCE SC-600: Update to v2.0 or later version
- SCALANCE W1700 IEEE 802.11 ac: Update to v2.0
- SCALANCE W700 IEEE 802.11a/b/g/n: Update to v6.4
- SIMATIC CP 1242-7 and 1243-1 (incl. SIPLUS NET variants): Update to v3.2
- SIMATIC CP 1243-7 LTE EU & US: Update to v3.2
- SIMATIC CP 1243-8 IRC: Update to v3.2
- SIMATIC CP 1542SP-1 and 1542SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC 1543SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants): Update to v2.2
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants): Update to v2.1
- SINEMA Remote Connect Server: Update to v2.1
- SIMATIC RF 18xC/CI: Update to v1.3 or later

Siemens has not identified any specific mitigations or workarounds and recommends following their general security recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-377115.

See Also

https://www.kb.cert.org/vuls/id/641765

http://www.nessus.org/u?fbfb7b03

https://www.debian.org/security/2018/dsa-4272

https://usn.ubuntu.com/3742-2/

https://www.cisa.gov/news-events/ics-advisories/icsa-20-105-05

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3741-2/

https://usn.ubuntu.com/3741-1/

https://usn.ubuntu.com/3740-2/

https://usn.ubuntu.com/3740-1/

https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html

http://www.securitytracker.com/id/1041476

http://www.securityfocus.com/bid/105108

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt

http://www.securitytracker.com/id/1041637

https://access.redhat.com/errata/RHSA-2018:2791

https://access.redhat.com/errata/RHSA-2018:2785

https://security.netapp.com/advisory/ntap-20181003-0002/

https://access.redhat.com/errata/RHSA-2018:2846

https://access.redhat.com/errata/RHSA-2018:2933

https://access.redhat.com/errata/RHSA-2018:2925

https://access.redhat.com/errata/RHSA-2018:2924

https://access.redhat.com/errata/RHSA-2018:3096

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3459

https://access.redhat.com/errata/RHSA-2018:3590

https://access.redhat.com/errata/RHSA-2018:3586

https://access.redhat.com/errata/RHSA-2018:3540

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://www.nessus.org/u?a9deb46b

http://www.nessus.org/u?13522391

https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf

Plugin Details

Severity: High

ID: 500995

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 9/14/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2018-5391

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_1543-1_firmware, cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware, cpe:/o:siemens:ruggedcom_rm1224_firmware, cpe:/o:siemens:scalance_m-800_series_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:scalance_sc-600_series_firmware, cpe:/o:siemens:scalance_w1700_series_firmware, cpe:/o:siemens:scalance_w700_series_firmware, cpe:/o:siemens:simatic_net_cp_1242-7_firmware, cpe:/o:siemens:simatic_net_cp_1243-1_firmware, cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware, cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware, cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 9/6/2018

Vulnerability Publication Date: 9/6/2018

Reference Information

CVE: CVE-2018-5391