Siemens SIMATIC Spectre-NG Variants 3a and 4 (CVE-2018-3639)

medium Tenable OT Security Plugin ID 500248

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://www.us-cert.gov/ncas/alerts/TA18-141A

http://www.nessus.org/u?c2acd2ee

https://www.synology.com/support/security/Synology_SA_18_23

https://www.kb.cert.org/vuls/id/180049

https://usn.ubuntu.com/3655-2/

https://usn.ubuntu.com/3654-2/

https://usn.ubuntu.com/3654-1/

https://usn.ubuntu.com/3653-2/

https://usn.ubuntu.com/3653-1/

https://usn.ubuntu.com/3652-1/

https://usn.ubuntu.com/3651-1/

http://www.nessus.org/u?fc974ba6

https://support.citrix.com/article/CTX235225

https://security.netapp.com/advisory/ntap-20180521-0001/

http://www.nessus.org/u?36d8913e

http://www.nessus.org/u?c89c164f

https://bugs.chromium.org/p/project-zero/issues/detail?id=1528

https://access.redhat.com/errata/RHSA-2018:1660

https://access.redhat.com/errata/RHSA-2018:1655

https://access.redhat.com/errata/RHSA-2018:1647

https://access.redhat.com/errata/RHSA-2018:1630

http://xenbits.xen.org/xsa/advisory-263.html

http://www.securitytracker.com/id/1040949

http://support.lenovo.com/us/en/solutions/LEN-22133

https://access.redhat.com/errata/RHSA-2018:1690

https://access.redhat.com/errata/RHSA-2018:1689

https://access.redhat.com/errata/RHSA-2018:1688

https://access.redhat.com/errata/RHSA-2018:1686

https://access.redhat.com/errata/RHSA-2018:1676

https://access.redhat.com/errata/RHSA-2018:1675

https://access.redhat.com/errata/RHSA-2018:1674

https://access.redhat.com/errata/RHSA-2018:1669

https://access.redhat.com/errata/RHSA-2018:1668

https://access.redhat.com/errata/RHSA-2018:1667

https://access.redhat.com/errata/RHSA-2018:1666

https://access.redhat.com/errata/RHSA-2018:1665

https://access.redhat.com/errata/RHSA-2018:1664

https://access.redhat.com/errata/RHSA-2018:1663

https://access.redhat.com/errata/RHSA-2018:1662

https://access.redhat.com/errata/RHSA-2018:1661

https://access.redhat.com/errata/RHSA-2018:1659

https://access.redhat.com/errata/RHSA-2018:1658

https://access.redhat.com/errata/RHSA-2018:1657

https://access.redhat.com/errata/RHSA-2018:1656

https://access.redhat.com/errata/RHSA-2018:1654

https://access.redhat.com/errata/RHSA-2018:1653

https://access.redhat.com/errata/RHSA-2018:1652

https://access.redhat.com/errata/RHSA-2018:1651

https://access.redhat.com/errata/RHSA-2018:1650

https://access.redhat.com/errata/RHSA-2018:1649

https://access.redhat.com/errata/RHSA-2018:1648

https://access.redhat.com/errata/RHSA-2018:1646

https://access.redhat.com/errata/RHSA-2018:1645

https://access.redhat.com/errata/RHSA-2018:1644

https://access.redhat.com/errata/RHSA-2018:1643

https://access.redhat.com/errata/RHSA-2018:1642

https://access.redhat.com/errata/RHSA-2018:1636

https://access.redhat.com/errata/RHSA-2018:1635

https://access.redhat.com/errata/RHSA-2018:1633

https://access.redhat.com/errata/RHSA-2018:1632

https://access.redhat.com/errata/RHSA-2018:1629

http://www.securityfocus.com/bid/104232

https://www.exploit-db.com/exploits/44695/

https://access.redhat.com/errata/RHSA-2018:1711

https://access.redhat.com/errata/RHSA-2018:1710

https://access.redhat.com/errata/RHSA-2018:1696

https://www.debian.org/security/2018/dsa-4210

https://usn.ubuntu.com/3655-1/

https://access.redhat.com/errata/RHSA-2018:1738

https://access.redhat.com/errata/RHSA-2018:1737

https://access.redhat.com/errata/RHSA-2018:1641

https://access.redhat.com/errata/RHSA-2018:1640

https://access.redhat.com/errata/RHSA-2018:1639

https://access.redhat.com/errata/RHSA-2018:1638

https://access.redhat.com/errata/RHSA-2018:1637

http://www.nessus.org/u?ab57ba47

https://usn.ubuntu.com/3680-1/

https://usn.ubuntu.com/3679-1/

http://www.nessus.org/u?abd55666

https://access.redhat.com/errata/RHSA-2018:1826

https://access.redhat.com/errata/RHSA-2018:1854

https://access.redhat.com/errata/RHSA-2018:2006

https://access.redhat.com/errata/RHSA-2018:2003

https://access.redhat.com/errata/RHSA-2018:2001

https://access.redhat.com/errata/RHSA-2018:1997

https://access.redhat.com/errata/RHSA-2018:1967

https://access.redhat.com/errata/RHSA-2018:1965

https://access.redhat.com/errata/RHSA-2018:2060

https://access.redhat.com/errata/RHSA-2018:2164

https://access.redhat.com/errata/RHSA-2018:2162

https://access.redhat.com/errata/RHSA-2018:2161

https://access.redhat.com/errata/RHSA-2018:2172

https://access.redhat.com/errata/RHSA-2018:2171

https://access.redhat.com/errata/RHSA-2018:2216

https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html

https://access.redhat.com/errata/RHSA-2018:2228

https://access.redhat.com/errata/RHSA-2018:2250

https://access.redhat.com/errata/RHSA-2018:2246

https://access.redhat.com/errata/RHSA-2018:2258

https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html

https://access.redhat.com/errata/RHSA-2018:2289

https://access.redhat.com/errata/RHSA-2018:2328

https://access.redhat.com/errata/RHSA-2018:2309

https://access.redhat.com/errata/RHSA-2018:2364

https://access.redhat.com/errata/RHSA-2018:2363

https://access.redhat.com/errata/RHSA-2018:2396

https://access.redhat.com/errata/RHSA-2018:2394

https://access.redhat.com/errata/RHSA-2018:2387

https://www.debian.org/security/2018/dsa-4273

https://usn.ubuntu.com/3756-1/

https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf

https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004

https://usn.ubuntu.com/3777-3/

http://www.nessus.org/u?23319717

https://access.redhat.com/errata/RHSA-2018:3425

https://access.redhat.com/errata/RHSA-2018:3424

https://access.redhat.com/errata/RHSA-2018:3423

https://access.redhat.com/errata/RHSA-2018:3407

https://access.redhat.com/errata/RHSA-2018:3402

https://access.redhat.com/errata/RHSA-2018:3401

https://access.redhat.com/errata/RHSA-2018:3400

https://access.redhat.com/errata/RHSA-2018:3399

https://access.redhat.com/errata/RHSA-2018:3398

https://access.redhat.com/errata/RHSA-2018:3397

https://access.redhat.com/errata/RHSA-2018:3396

https://access.redhat.com/errata/RHSA-2018:2948

http://www.securitytracker.com/id/1042004

http://www.nessus.org/u?148b2157

http://www.nessus.org/u?799b2d05

https://access.redhat.com/errata/RHSA-2019:0148

https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://nvidia.custhelp.com/app/answers/detail/a_id/4787

http://www.nessus.org/u?c34fd747

https://access.redhat.com/errata/RHSA-2019:1046

http://www.nessus.org/u?9073d091

http://www.nessus.org/u?ccb7a56c

https://seclists.org/bugtraq/2019/Jun/36

https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

http://www.openwall.com/lists/oss-security/2020/06/10/1

http://www.openwall.com/lists/oss-security/2020/06/10/2

http://www.openwall.com/lists/oss-security/2020/06/10/5

https://www.oracle.com/security-alerts/cpujul2020.html

http://www.nessus.org/u?d5299d44

Plugin Details

Severity: Medium

ID: 500248

Version: 1.6

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 12/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-3639

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:simatic_et_200_sp_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2018

Vulnerability Publication Date: 5/22/2018

Reference Information

CVE: CVE-2018-3639

CWE: 203

CERT: TA18-141A

DSA: DSA-4210, DSA-4273

RHSA: RHSA-2018:1629, RHSA-2018:1630, RHSA-2018:1632, RHSA-2018:1633, RHSA-2018:1635, RHSA-2018:1636, RHSA-2018:1637, RHSA-2018:1638, RHSA-2018:1639, RHSA-2018:1640, RHSA-2018:1641, RHSA-2018:1642, RHSA-2018:1643, RHSA-2018:1644, RHSA-2018:1645, RHSA-2018:1646, RHSA-2018:1647, RHSA-2018:1648, RHSA-2018:1649, RHSA-2018:1650, RHSA-2018:1651, RHSA-2018:1652, RHSA-2018:1653, RHSA-2018:1654, RHSA-2018:1655, RHSA-2018:1656, RHSA-2018:1657, RHSA-2018:1658, RHSA-2018:1659, RHSA-2018:1660, RHSA-2018:1661, RHSA-2018:1662, RHSA-2018:1663, RHSA-2018:1664, RHSA-2018:1665, RHSA-2018:1666, RHSA-2018:1667, RHSA-2018:1668, RHSA-2018:1669, RHSA-2018:1674, RHSA-2018:1675, RHSA-2018:1676, RHSA-2018:1686, RHSA-2018:1688, RHSA-2018:1689, RHSA-2018:1690, RHSA-2018:1696, RHSA-2018:1710, RHSA-2018:1711, RHSA-2018:1737, RHSA-2018:1738, RHSA-2018:1826, RHSA-2018:1854, RHSA-2018:1965, RHSA-2018:1967, RHSA-2018:1997, RHSA-2018:2001, RHSA-2018:2003, RHSA-2018:2006, RHSA-2018:2060, RHSA-2018:2161, RHSA-2018:2162, RHSA-2018:2164, RHSA-2018:2171, RHSA-2018:2172, RHSA-2018:2216, RHSA-2018:2228, RHSA-2018:2246, RHSA-2018:2250, RHSA-2018:2258, RHSA-2018:2289, RHSA-2018:2309, RHSA-2018:2328, RHSA-2018:2363, RHSA-2018:2364, RHSA-2018:2387, RHSA-2018:2394, RHSA-2018:2396, RHSA-2018:2948, RHSA-2018:3396, RHSA-2018:3397, RHSA-2018:3398, RHSA-2018:3399, RHSA-2018:3400, RHSA-2018:3401, RHSA-2018:3402, RHSA-2018:3407, RHSA-2018:3423, RHSA-2018:3424, RHSA-2018:3425, RHSA-2019:0148, RHSA-2019:1046

SuSE: openSUSE-SU-2019:1438, openSUSE-SU-2019:1439, openSUSE-SU-2020:1325

USN: USN-3651-1, USN-3652-1, USN-3653-1, USN-3653-2, USN-3654-1, USN-3654-2, USN-3655-1, USN-3655-2, USN-3679-1, USN-3680-1, USN-3756-1, USN-3777-3