Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Improper Input Validation (CVE-2018-5391)

high Tenable OT Security Plugin ID 500995

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates, where available:

- RUGGEDCOM RM 1224: Update to v6.1
- RUGGEDCOM ROX II: Update to v2.13.3
- SCALANCE M-800 family: Update to v6.1
- SCALANCE S615: Update to v6.1
- SCALANCE SC-600: Update to v2.0 or later version
- SCALANCE W1700 IEEE 802.11 ac: Update to v2.0
- SCALANCE W700 IEEE 802.11a/b/g/n: Update to v6.4
- SIMATIC CP 1242-7 and 1243-1 (incl. SIPLUS NET variants): Update to v3.2
- SIMATIC CP 1243-7 LTE EU & US: Update to v3.2
- SIMATIC CP 1243-8 IRC: Update to v3.2
- SIMATIC CP 1542SP-1 and 1542SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC 1543SP-1 IRC (incl. SIPLUS NET variants): Update to v2.1
- SIMATIC CP 1543-1 (incl. SIPLUS NET variants): Update to v2.2
- SIMATIC CP 1543SP-1 (incl. SIPLUS NET variants): Update to v2.1
- SINEMA Remote Connect Server: Update to v2.1

- SIMATIC RF 18xC/CI: Update to v1.3 or later

Siemens has not identified any specific mitigations or workarounds and recommends following their general security recommendations. As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-377115

See Also

https://www.kb.cert.org/vuls/id/641765

http://www.nessus.org/u?fbfb7b03

https://www.debian.org/security/2018/dsa-4272

https://usn.ubuntu.com/3742-2/

https://www.cisa.gov/news-events/ics-advisories/icsa-20-105-05

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3741-2/

https://usn.ubuntu.com/3741-1/

https://usn.ubuntu.com/3740-2/

https://usn.ubuntu.com/3740-1/

https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html

http://www.securitytracker.com/id/1041476

http://www.securityfocus.com/bid/105108

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt

http://www.securitytracker.com/id/1041637

https://access.redhat.com/errata/RHSA-2018:2791

https://access.redhat.com/errata/RHSA-2018:2785

https://security.netapp.com/advisory/ntap-20181003-0002/

https://access.redhat.com/errata/RHSA-2018:2846

https://access.redhat.com/errata/RHSA-2018:2933

https://access.redhat.com/errata/RHSA-2018:2925

https://access.redhat.com/errata/RHSA-2018:2924

https://access.redhat.com/errata/RHSA-2018:3096

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3459

https://access.redhat.com/errata/RHSA-2018:3590

https://access.redhat.com/errata/RHSA-2018:3586

https://access.redhat.com/errata/RHSA-2018:3540

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://www.nessus.org/u?a9deb46b

http://www.nessus.org/u?13522391

https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf

Plugin Details

Severity: High

ID: 500995

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2018-5391

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_1242-7_firmware, cpe:/o:siemens:simatic_net_cp_1243-1_firmware, cpe:/o:siemens:scalance_sc-600_series_firmware, cpe:/o:siemens:scalance_w700_series_firmware, cpe:/o:siemens:simatic_net_cp_1243-7_lte_eu_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware, cpe:/o:siemens:simatic_net_cp_1543-1_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware, cpe:/o:siemens:scalance_w1700_series_firmware, cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware, cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware, cpe:/o:siemens:scalance_m-800_series_firmware, cpe:/o:siemens:simatic_net_cp_1243-7_lte_us_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:ruggedcom_rm1224_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 9/6/2018

Vulnerability Publication Date: 9/6/2018

Reference Information

CVE: CVE-2018-5391