Siemens SIMATIC NET CP 443-1 OPC UA Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2017-6458)

Severity: High. Tenable OT Security Plugin ID 501087

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default.
- Configure an additional firewall to prevent communication to Port UDP/123 of an affected device.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the product manual.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this issue, please see Siemens security advisory SSA-211752.

See Also

http://www.securitytracker.com/id/1038123

http://www.nessus.org/u?68156231

http://support.ntp.org/bin/view/Main/NtpBug3379

http://www.securityfocus.com/bid/97051

https://support.apple.com/HT208144

https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11

http://www.nessus.org/u?547120eb

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Plugin Details

Severity: High

ID: 501087

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 5/2/2023

Updated: 7/24/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2017-6458

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_443-1_opc_ua_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 3/27/2017

Vulnerability Publication Date: 3/27/2017

Reference Information

CVE: CVE-2017-6458

CWE: 119