Detections
Analytics
Siemens SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224 Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2017-14491)
critical Tenable OT Security Plugin ID 500978
Synopsis
The remote OT asset is affected by a vulnerability.Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens reports they are preparing updates for the affected products and recommends the following mitigations until patches are available:
- For SCALANCE W1750D: Siemens recommends that users install v6.5.1.5-4.3.1.8 of the software. Users who do not use the “OpenDNS,” “Captive Portal,” or “URL redirection” functionalities can deploy firewall rules in the device configuration to block incoming access to Port 53/UDP.
- For SCALANCE M800/S615: Siemens recommends that users install v5.0 of the software. Alternatively, users can disable DNS proxy in the device configuration (System - DNS - DNS Proxy - Disable Checkbox for Enable DNS Proxy) and configure the connected devices in the internal network to use a different DNS server.
- For RUGGEDCOM RM1224 update to v5.0 or later version.
- Apply defense-in-depth
Siemens has produced advisory SSA-689071 to address these vulnerabilities.
See Also
http://www.nessus.org/u?518ad813
http://www.nessus.org/u?0882f5e4
http://www.nessus.org/u?1684fac7
http://www.securitytracker.com/id/1039474
http://www.nessus.org/u?e6a2ec86
http://thekelleys.org.uk/dnsmasq/CHANGELOG
https://www.exploit-db.com/exploits/42941/
http://www.securityfocus.com/bid/101085
https://www.kb.cert.org/vuls/id/973527
https://access.redhat.com/security/vulnerabilities/3199382
https://access.redhat.com/errata/RHSA-2017:2841
https://access.redhat.com/errata/RHSA-2017:2840
https://access.redhat.com/errata/RHSA-2017:2839
https://access.redhat.com/errata/RHSA-2017:2838
https://access.redhat.com/errata/RHSA-2017:2837
https://access.redhat.com/errata/RHSA-2017:2836
http://www.ubuntu.com/usn/USN-3430-2
http://www.ubuntu.com/usn/USN-3430-1
http://www.debian.org/security/2017/dsa-3989
http://www.nessus.org/u?043d20f6
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
https://security.gentoo.org/glsa/201710-27
https://www.cisa.gov/news-events/ics-advisories/icsa-17-332-01
http://www.securityfocus.com/bid/101977
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
http://nvidia.custhelp.com/app/answers/detail/a_id/4560
http://www.nessus.org/u?d0c1297e
http://www.ubuntu.com/usn/USN-3430-3
http://www.nessus.org/u?8e409bd8
http://www.nessus.org/u?689bb660
https://www.debian.org/security/2017/dsa-3989
http://www.nessus.org/u?1e46c431
http://www.nessus.org/u?93250790
http://www.nessus.org/u?615de507
http://www.nessus.org/u?cf750b36
http://www.nessus.org/u?b9f34390
http://www.nessus.org/u?16ddb200
Plugin Details
Severity: Critical
ID: 500978
Version: 1.4
Type: remote
Family: Tenable.ot
Published: 4/11/2023
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-14491
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:scalance_m-800_series_firmware, cpe:/o:siemens:scalance_w1750d_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:ruggedcom_rm1224_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/4/2017
Vulnerability Publication Date: 10/4/2017
Exploitable With
Core Impact
Reference Information
CVE: CVE-2017-14491
CWE: 787
DSA: DSA-3989
FEDORA: FEDORA-2017-24f067299e, FEDORA-2017-515264ae24, FEDORA-2017-7106a157f5
GLSA: GLSA-201710-27
ICSA: 17-332-01
RHSA: RHSA-2017:2836, RHSA-2017:2837, RHSA-2017:2838, RHSA-2017:2839, RHSA-2017:2840, RHSA-2017:2841
SuSE: SUSE-SU-2017:2616, SUSE-SU-2017:2617, SUSE-SU-2017:2619, openSUSE-SU-2017:2633
USN: USN-3430-1, USN-3430-2, USN-3430-3