ABB M2M Gateway Information Disclosure in embedded OpenSSL (CVE-2013-0169)

Severity: Low. Tenable OT Security Plugin ID 503248

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

http://support.apple.com/kb/HT5880

http://www.matrixssl.org/news.html

http://www.openssl.org/news/secadv_20130204.txt

http://www.splunk.com/view/SP-CAAAHXG

http://www-01.ibm.com/support/docview.wss?uid=swg21644047

https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released

https://puppet.com/security/cve/cve-2013-0169

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084

http://www.nessus.org/u?7e310812

http://rhn.redhat.com/errata/RHSA-2013-0587.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.nessus.org/u?acb4a410

http://www.nessus.org/u?e6ea11ce

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://www.kb.cert.org/vuls/id/737740

http://marc.info/?l=bugtraq&m=136733161405818&w=2

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136432043316835&w=2

http://secunia.com/advisories/55139

http://secunia.com/advisories/55108

http://marc.info/?l=bugtraq&m=137545771702053&w=2

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://rhn.redhat.com/errata/RHSA-2013-0833.html

http://secunia.com/advisories/53623

http://www.debian.org/security/2013/dsa-2621

http://rhn.redhat.com/errata/RHSA-2013-0783.html

http://marc.info/?l=bugtraq&m=136396549913849&w=2

http://rhn.redhat.com/errata/RHSA-2013-0782.html

http://openwall.com/lists/oss-security/2013/02/05/24

http://www.ubuntu.com/usn/USN-1735-1

http://www.debian.org/security/2013/dsa-2622

http://www.us-cert.gov/cas/techalerts/TA13-051A.html

http://secunia.com/advisories/55351

http://secunia.com/advisories/55350

http://www.securitytracker.com/id/1029190

http://secunia.com/advisories/55322

http://www.securityfocus.com/bid/57778

https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08

http://www.nessus.org/u?310ae51a

http://www.nessus.org/u?e08a4031

http://www.nessus.org/u?a9599125

http://www.nessus.org/u?e1631cf2

http://www.nessus.org/u?b75a3a83

http://www.nessus.org/u?5c90af21

http://www.nessus.org/u?e5438d7d

http://www.nessus.org/u?ee8c1a56

http://www.nessus.org/u?fdb6059c

http://www.nessus.org/u?3d58589e

http://www.nessus.org/u?b1436040

http://www.nessus.org/u?777447b9

http://www.nessus.org/u?40bf277e

http://www.nessus.org/u?21a7d31f

http://www.nessus.org/u?db65eebe

Plugin Details

Severity: Low

ID: 503248

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 5/27/2025

Updated: 5/28/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-0169

Vulnerability Information

CPE: cpe:/o:abb:sw_firmware, cpe:/o:abb:arm600_firmware

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2013

Vulnerability Publication Date: 2/8/2013

Reference Information

CVE: CVE-2013-0169

CWE: 310

ICSA: 25-105-08