Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

medium Tenable OT Security Plugin ID 500715

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for the following products and recommends updating to the latest versions:

- SIMATIC Drive Controller Family: Update to V3.0.1 or later.

- SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0): Update to V3.2.19 or later.
- SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0): Update to V3.3.19 or later.
- SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0): Update to V3.2.19 or later.
- SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0): Update to V3.2.19 or later.

- SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Update to V3.0.1 or later.
- SIMATIC S7-PLCSIM Advanced: Update to V5.0 or later.

- SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0): Update to V3.2.19 or later.
- SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0): Update to V3.3.19 or later.
- SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0): Update to V3.2.19 or later.
- SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0): Update to V3.2.19 or later.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Do not access the product’s web service via URLs coming from untrusted sources.
- Disable the web server if possible.
- SIMATIC PC Station (Specifically): Disable the web server. Note that this feature is disabled by default.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ Operational Guidelines for Industrial Security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For further inquiries on security vulnerabilities in Siemens products and solutions, users should contact Siemens ProductCERT.

For more information see Siemens Security Advisory SSA-478960 in HTML or CSAF.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-314-02

Plugin Details

Severity: Medium

ID: 500715

Version: 1.13

Type: remote

Family: Tenable.ot

Published: 12/16/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2022-30694

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_dp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1515r-2_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_12_1212fc_firmware:-, cpe:/o:siemens:simatic_s7-400_pn%2fdp_v7_firmware:7.0, cpe:/o:siemens:simatic_drive_controller_cpu_1504d_tf_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1511c-1_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1512c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517tf-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1508s_f_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_15pro-2_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1508s_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_pn%2fdp_firmware:-, cpe:/o:siemens:6es7151-8ab01-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_dp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1515t-2_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516pro_f_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1507s_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1511c_firmware:-, cpe:/o:siemens:6es7154-8fx00-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_dp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_firmware:-, cpe:/o:siemens:simatic_drive_controller_cpu_1507d_tf_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_12_1215c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518tf-4_firmware:-, cpe:/o:siemens:6es7318-3fl01-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_firmware:-, cpe:/o:siemens:6es7315-7tj10-0ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_12_1212c_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_12_1217c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516t-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_pn_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1511tf-1_firmware:-, cpe:/o:siemens:6es7151-8fb01-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511t-1_firmware:-, cpe:/o:siemens:6ag1315-2eh14-7ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215fc_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1515tf-2_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1513r-1_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_151511f-1_firmware:-, cpe:/o:siemens:6ag1314-6eh04-7ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1510sp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513prof-2_firmware:-, cpe:/o:siemens:6es7315-2fj14-0ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:-, cpe:/o:siemens:6es7154-8ab01-0ab0_firmware, cpe:/o:siemens:6es7318-3el01-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1511f-1_firmware:-, cpe:/o:siemens:6ag1151-8fb01-2ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_12_1211c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517-3_pn%2fdp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_151511c-1_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_12_1214c_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1512sp-1_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1517f-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516pro-2_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_12_1215fc_firmware:-, cpe:/o:siemens:6es7317-7tk10-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn%2fdp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1512spf-1_firmware:-, cpe:/o:siemens:6ag1315-2fj14-2ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1507s_f_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518hf-4_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516-3_pn_firmware:-, cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:-, cpe:/o:siemens:6es7317-2fk14-0ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214fc_firmware:-, cpe:/o:siemens:simatic_s7-400_pn%2fdp_v6_firmware:6.0, cpe:/o:siemens:simatic_s7-1500_cpu_1515-2_firmware:-, cpe:/o:siemens:6es7317-2ek14-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_cpu_1513pro-2_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1513f-1_firmware:-, cpe:/o:siemens:6es7317-7ul10-0ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_firmware:-, cpe:/o:siemens:6ag1151-8ab01-7ab0_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_12_1214fc_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516f-3_pn%2fdp_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1516tf-3_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_15prof-2_firmware:-, cpe:/o:siemens:simatic_s7-1500_cpu_1510sp-1_firmware:-, cpe:/o:siemens:6es7154-8fb01-0ab0_firmware, cpe:/o:siemens:6ag1317-2fk14-2ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1512c-1_firmware:-, cpe:/o:siemens:6ag1317-2ek14-7ab0_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518t-4_firmware:-, cpe:/o:siemens:6es7314-6eh04-0ab0_firmware, cpe:/o:siemens:6es7315-2eh14-0ab0_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 11/8/2022

Vulnerability Publication Date: 11/8/2022

Reference Information

CVE: CVE-2022-30694

CWE: 352

ICSA: 22-314-02