Detections
Analytics
Siemens SCALANCE W1750D Devices Improper Input Validation (CVE-2023-0286)
high Tenable OT Security Plugin ID 501841
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability exists in the OpenSSL that affects SCALANCE W1750D device.A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- CVE-2023-0286: Disable CRL (certification revocation list) checking, if possible.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security. Additional information on Siemens Industrial Security can be found here.
For more information, see the associated Siemens security advisory SSA-203374 in HTML and CSAF.
See Also
https://www.openssl.org/news/secadv/20230207.txt
https://cert-portal.siemens.com/productcert/html/ssa-203374.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04
Plugin Details
Severity: High
ID: 501841
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 12/19/2023
Updated: 4/13/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:C
CVSS Score Source: CVE-2023-0286
CVSS v3
Risk Factor: High
Base Score: 7.4
Temporal Score: 6.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:scalance_w1750d_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 3/14/2023
Reference Information
CVE: CVE-2023-0286
CWE: 20