Siemens SIMATIC NET CP 443-1 OPC UA Out-of-Bounds Read (CVE-2016-2518)

Severity: Medium | Tenable OT Security Plugin ID: 501089

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default.
- Configure an additional firewall to prevent communication to Port UDP/123 of an affected device.

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens operational guidelines for industrial security, and follow the recommendations in the product manual.

Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information about this issue, please see Siemens security advisory SSA-211752.

See Also

https://www.kb.cert.org/vuls/id/718152

http://www.nessus.org/u?35946255

http://support.ntp.org/bin/view/Main/NtpBug3009

http://www.securityfocus.com/bid/88226

http://www.nessus.org/u?eb5f426b

https://security.gentoo.org/glsa/201607-15

http://www.securitytracker.com/id/1035705

http://www.debian.org/security/2016/dsa-3629

https://security.netapp.com/advisory/ntap-20171004-0002/

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc

https://access.redhat.com/errata/RHSA-2016:1141

http://rhn.redhat.com/errata/RHSA-2016-1552.html

http://www.nessus.org/u?ae82f1b1

http://www.nessus.org/u?5cfd023e

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

http://www.nessus.org/u?4ef1a5a8

http://www.nessus.org/u?98a21ef2

http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

http://www.nessus.org/u?6628a33f

http://www.ubuntu.com/usn/USN-3096-1

http://www.nessus.org/u?cd1909c0

http://www.nessus.org/u?c59e7aad

http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded

http://www.nessus.org/u?15ac6fd1

http://www.nessus.org/u?9e4e2f01

http://www.nessus.org/u?f726e331

http://www.securityfocus.com/archive/1/538233/100/0/threaded

http://www.nessus.org/u?fa0d509b

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

https://support.f5.com/csp/article/K20804323

http://www.nessus.org/u?08f08020

http://www.nessus.org/u?89fbd39d

https://www.debian.org/security/2016/dsa-3629

Plugin Details

Severity: Medium

ID: 501089

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 5/2/2023

Updated: 7/24/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2016-2518

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_443-1_opc_ua_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 1/30/2017

Vulnerability Publication Date: 1/30/2017

Reference Information

CVE: CVE-2016-2518

CWE: 125

DSA: DSA-3629

FEDORA: FEDORA-2016-5b2eb0bf9c, FEDORA-2016-ed8c6c0426

FREEBSD: FreeBSD-SA-16:16

GLSA: GLSA-201607-15

RHSA: RHSA-2016:1141, RHSA-2016:1552

SuSE: SUSE-SU-2016:1278, SUSE-SU-2016:1291, SUSE-SU-2016:1471, SUSE-SU-2016:1568, SUSE-SU-2016:1912, SUSE-SU-2016:2094, openSUSE-SU-2016:1329, openSUSE-SU-2016:1423

USN: USN-3096-1