Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)

high Tenable OT Security Plugin ID 501121

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for the affected products and recommends updating to the latest versions:

- SICAM P850 devices: Update to v3.10 or later
- SICAM P855 devices: Update to v3.10 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Avoid accessing links from untrusted sources while logged in to SICAM P850 or SICAM P855 devices

Siemens recommends operators check for appropriate resilient protection measures; the risk of cyber incidents impacting the grid's reliability can be minimized by virtue of the grid design.

Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated application of security updates across multiple product instances may be used. Siemens strongly recommends users to validate any security update before application; Siemens recommends the update process be supervised by trained staff in the target environment.

As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms, such as firewalls, network segmentation, or use of virtual private networks (VPNs). It is advised to configure the environment according to Siemens’ operational guidelines to run the devices in a protected IT environment.

For additional resources, users should review Siemens’ security guidelines.

For more information, see Siemens Security Advisory SSA-572005 in HTML or CSAF.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-09

Plugin Details

Severity: High

ID: 501121

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 5/9/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2022-40226

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:7kg8551-0aa12-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa32-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa02-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa31-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa12-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa01-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa30-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa02-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa32-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa02-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa10-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa30-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa11-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa31-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa32-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa11-0aa0_firmware, cpe:/o:siemens:7kg8500-0aa10-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa11-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa01-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa00-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa11-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa12-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa10-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa00-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa02-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa00-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa31-2aa0_firmware, cpe:/o:siemens:7kg8500-0aa00-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa01-2aa0_firmware, cpe:/o:siemens:7kg8551-0aa32-0aa0_firmware, cpe:/o:siemens:7kg8551-0aa31-0aa0_firmware, cpe:/o:siemens:7kg8500-0aa30-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa30-0aa0_firmware, cpe:/o:siemens:7kg8501-0aa01-0aa0_firmware, cpe:/o:siemens:7kg8550-0aa10-2aa0_firmware, cpe:/o:siemens:7kg8501-0aa12-2aa0_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2022

Vulnerability Publication Date: 10/11/2022

Reference Information

CVE: CVE-2022-40226

CWE: 384

ICSA: 22-286-09