Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-28895)

high Tenable OT Security Plugin ID 501077

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

SCALANCE X-200, X-200IRT, and X-300 Switch Families are affected by this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

- Amazon FreeRTOS – Update available
- Apache Nuttx OS Version 9.1.0 – Update available
- ARM CMSIS-RTOS2 – Update in progress, expected in June
- ARM Mbed OS – Update available
- ARM mbed-ualloc – no longer supported and no fix will be issued
- Blackberry QNX 6.5.0SP1 – Update available. See public advisory
- Blackberry QNX OS for Safety 1.0.2 – Update available. See public advisory
- Blackberry QNX OS for Medical 1.1.1 – Update available. See public advisory
- Cesanta Software mongooses – Update available
- eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer – Update available
- Google Cloud IoT Device SDK – Update available
- Media Tek LinkIt SDK – MediaTek will provide the update to users. No fix for free version, as it is not intended for production use.
- Micrium OS: Update to v5.10.2 or later – Update available
- Micrium uCOS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 – Update available
- NXP MCUXpresso SDK – Update to 2.9.0 or later
- NXP MQX – update to 5.1 or newer
- Redhat newlib – Update available
- RIOT OS – Update available
- Samsung Tizen RT RTOS – Update available
- TencentOS-tiny – Update available
- Texas Instruments CC32XX – Update to v4.40.00.07
- Texas Instruments SimpleLink CC13X0 – Update to v4.10.03
- Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00
- Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00
- Texas Instruments SimpleLink MSP432E4 – Confirmed. No update currently planned
- uClibc-ng – Update available
- Windriver VxWorks – Update in progress

- Windriver VxWorks – Update in progress
- The following devices use Windriver VxWorks as their RTOS:
- Hitachi Energy GMS600 – See public advisory.
- Hitachi Energy PWC600 – See public advisory.
- Hitachi Energy REB500 – See public advisory.
- Hitachi Energy Relion 670, 650 series and SAM600-IO – See public advisory
- Hitachi Energy RTU500 series CMU – Updates available for some firmware versions – See public advisory.
- Hitachi Energy Modular Switchgear Monitoring System MSM – Protect your network – See public advisory.

- Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.

See Also

http://www.nessus.org/u?b3be53ac

https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04

http://www.nessus.org/u?4af41997

https://www.oracle.com/security-alerts/cpuapr2022.html

Plugin Details

Severity: High

ID: 501077

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 4/26/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-28895

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_x320-1_fe_firmware, cpe:/o:siemens:scalance_xr324-4m_eec_firmware, cpe:/o:siemens:scalance_x306-1ld_fe_firmware, cpe:/o:siemens:scalance_x302-7_eec_firmware, cpe:/o:siemens:scalance_x310fe_firmware, cpe:/o:siemens:scalance_xf202-2p_irt_firmware, cpe:/o:siemens:scalance_x204-2ld_ts_firmware, cpe:/o:siemens:scalance_x224_firmware, cpe:/o:siemens:scalance_xf204-2ba_irt_firmware, cpe:/o:siemens:scalance_x206-1_firmware, cpe:/o:siemens:scalance_x307-2_eec_firmware, cpe:/o:siemens:scalance_xf206-1_firmware, cpe:/o:siemens:scalance_x308-2m_ts_firmware, cpe:/o:siemens:scalance_x204-2ts_firmware, cpe:/o:siemens:scalance_x204irt_firmware, cpe:/o:siemens:scalance_x206-1ld_firmware, cpe:/o:siemens:scalance_xf204irt_firmware, cpe:/o:siemens:scalance_xr324-4m_poe_ts_firmware, cpe:/o:siemens:siplus_net_scalance_x308-2_firmware, cpe:/o:siemens:scalance_x204-2_firmware, cpe:/o:siemens:scalance_x204-2ld_firmware, cpe:/o:siemens:scalance_x204-2fm_firmware, cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware, cpe:/o:siemens:scalance_xf201-3p_irt_firmware, cpe:/o:siemens:scalance_x208_firmware, cpe:/o:siemens:scalance_x201-3p_irt_firmware, cpe:/o:siemens:scalance_xf204-2_firmware, cpe:/o:siemens:scalance_x308-2lh%2b_firmware, cpe:/o:siemens:scalance_x308-2m_firmware, cpe:/o:siemens:scalance_xr324-12m_firmware, cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware, cpe:/o:siemens:scalance_xr324-4m_poe_firmware, cpe:/o:siemens:siplus_net_scalance_x202-2p_irt_firmware, cpe:/o:siemens:scalance_x308-2m_poe_firmware, cpe:/o:siemens:scalance_x320-1-2ld_fe_firmware, cpe:/o:siemens:scalance_x307-3_firmware, cpe:/o:siemens:scalance_x307-3ld_firmware, cpe:/o:siemens:scalance_x308-2ld_firmware, cpe:/o:siemens:scalance_x308-2_firmware, cpe:/o:siemens:scalance_xr324-12m_ts_firmware, cpe:/o:siemens:scalance_x200-4p_irt_firmware, cpe:/o:siemens:scalance_x310_firmware, cpe:/o:siemens:scalance_x212-2ld_firmware, cpe:/o:siemens:scalance_x308-2lh_firmware, cpe:/o:siemens:scalance_x304-2fe_firmware, cpe:/o:siemens:scalance_x212-2_firmware, cpe:/o:siemens:scalance_x202-2p_irt_firmware, cpe:/o:siemens:scalance_x208pro_firmware, cpe:/o:siemens:scalance_xf208_firmware, cpe:/o:siemens:scalance_x204irt_pro_firmware, cpe:/o:siemens:scalance_x202-2irt_firmware, cpe:/o:siemens:scalance_xf204_firmware, cpe:/o:siemens:scalance_x408-2_firmware, cpe:/o:siemens:scalance_x216_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 2/3/2021

Vulnerability Publication Date: 2/3/2021

Reference Information

CVE: CVE-2020-28895

CWE: 190, 787

ICSA: 21-119-04