Detections
Analytics
Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)
medium Tenable OT Security Plugin ID 501840
Synopsis
The remote OT asset is affected by a vulnerability.Description
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- CVE-2022-4304: Disable the use of RSA ciphers in the web server configuration; note that RSA ciphers are disabled by default.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security. Additional information on Siemens Industrial Security can be found here.
For more information, see the associated Siemens security advisory SSA-203374 in HTML and CSAF.
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-203374.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf
https://cert-portal.siemens.com/productcert/html/ssa-264814.html
https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://cert-portal.siemens.com/productcert/pdf/ssa-943925.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-556635.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-337522.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-879734.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-625862.pdf
https://cert-portal.siemens.com/productcert/html/ssa-769027.html
https://support.industry.siemens.com/cs/ww/en/view/109826954/
https://support.industry.siemens.com/cs/ww/en/view/62612377/
https://support.industry.siemens.com/cs/ww/en/view/47354578/
https://support.industry.siemens.com/cs/ww/en/view/109977720/
https://support.industry.siemens.com/cs/ww/en/view/47353723/
https://support.industry.siemens.com/cs/ww/en/view/44442927/
https://support.industry.siemens.com/cs/ww/en/view/85059804/
https://support.industry.siemens.com/cs/ww/en/view/85049260/
https://support.industry.siemens.com/cs/ww/en/view/109478459/
https://support.industry.siemens.com/cs/ww/en/view/109821128/
https://support.industry.siemens.com/cs/ww/en/view/109821388
https://support.industry.siemens.com/cs/ww/en/view/40945128/
https://support.industry.siemens.com/cs/ww/en/view/109954475/
https://support.industry.siemens.com/cs/ww/en/view/109825818/
https://support.industry.siemens.com/cs/ww/en/view/109812242/
https://support.industry.siemens.com/cs/ww/en/view/51466769/
https://support.industry.siemens.com/cs/ww/en/view/109822278/
https://support.industry.siemens.com/cs/ww/en/view/109976907/
https://support.industry.siemens.com/cs/ww/en/view/85063017/
https://support.industry.siemens.com/cs/ww/en/view/40944925/
https://support.industry.siemens.com/cs/ww/en/view/109954889/
https://support.industry.siemens.com/cs/ww/en/view/40362228/
https://support.industry.siemens.com/cs/ww/en/view/109955177/
https://support.industry.siemens.com/cs/ww/en/view/109825230/
https://support.industry.siemens.com/cs/ww/en/view/109827684/
https://support.industry.siemens.com/cs/ww/en/view/47354502/
https://support.industry.siemens.com/cs/ww/en/view/40360647/
https://support.industry.siemens.com/cs/ww/en/view/47354354/
https://support.industry.siemens.com/cs/ww/en/view/44443101/
https://support.industry.siemens.com/cs/ww/en/view/109955252/
https://www.openssl.org/news/secadv/20230207.txt
https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09
Plugin Details
Severity: Medium
ID: 501840
Version: 1.6
Type: remote
Family: Tenable.ot
Published: 12/19/2023
Updated: 2/25/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2022-4304
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:scalance_xr326-2c_poe_wg_%28without_ul%29_firmware:4.5, cpe:/o:siemens:siplus_et_200sp_cpu_firmware, cpe:/o:siemens:siplus_s7-300_cpu_firmware:3.3.19, cpe:/o:siemens:scalance_xf204_firmware:4.5, cpe:/o:siemens:scalance_xp216poe_eec_firmware:4.5, cpe:/o:siemens:siplus_net_scalance_xc206-2sfp_firmware:4.5, cpe:/o:siemens:scalance_wub762-1_ifeatures_firmware:3.0.0, cpe:/o:siemens:scalance_xr528-6m_%282hr2%29_firmware:6.6.1, cpe:/o:siemens:simatic_et_200s_im_151-8_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xp216_firmware:4.5, cpe:/o:siemens:scalance_xb213-3_%28sc%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_xc208g_poe_%2854_v_dc%29_firmware:4.5, cpe:/o:siemens:scalance_xr552-12m_firmware:6.6.1, cpe:/o:siemens:scalance_xp208_firmware:4.5, cpe:/o:siemens:simatic_et_200pro_im_154-8f_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xc206-2sfp_g_eec_firmware:4.5, cpe:/o:siemens:scalance_wum763-1_%28us%29_firmware:3.0.0, cpe:/o:siemens:scalance_xm416-4c_firmware:6.6.1, cpe:/o:siemens:scalance_xr324wg_%2824_x_fe%2c_dc_24v%29_firmware:4.5, cpe:/o:siemens:siplus_s7-1500_cpu_firmware, cpe:/o:siemens:siplus_et_200s_im_151-8f_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xc206-2g_poe_firmware:4.5, cpe:/o:siemens:scalance_xc208g_firmware:4.5, cpe:/o:siemens:scalance_wam766-1_%28me%29_firmware:3.0.0, cpe:/o:siemens:scalance_xc216_firmware:4.5, cpe:/o:siemens:scalance_xc206-2sfp_g_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_24v_firmware:6.6.1, cpe:/o:siemens:scalance_xr526-8c%2c_2x230v_firmware:6.6.1, cpe:/o:siemens:scalance_xb205-3ld_%28sc%2c_e%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xc206-2sfp_g_%28eip_def.%29_firmware:4.5, cpe:/o:siemens:scalance_xc224-4c_g_firmware:4.5, cpe:/o:siemens:scalance_xp208poe_eec_firmware:4.5, cpe:/o:siemens:scalance_xm408-8c_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xc208_firmware:4.5, cpe:/o:siemens:scalance_xf204_dna_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_2x230v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xr328-4c_wg_%2824xfe%2c_4xge%2c_24v%29_firmware:4.5, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:3.0.3, cpe:/o:siemens:scalance_xb205-3ld_%28sc%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_xc206-2g_poe_%2854_v_dc%29_firmware:4.5, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:3.1.0, cpe:/o:siemens:scalance_w1750d_%28row%29_firmware:8.10.0.9, cpe:/o:siemens:scalance_xc208g_%28eip_def.%29_firmware:4.5, cpe:/o:siemens:scalance_wam766-1_eec_%28me%29_firmware:3.0.0, cpe:/o:siemens:scalance_xb216_%28pn%29_firmware:4.5, cpe:/o:siemens:scalance_xp216eec_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_1x230v_firmware:6.6.1, cpe:/o:siemens:scalance_xr552-12m_%282hr2%29_firmware:6.6.1, cpe:/o:siemens:scalance_xc206-2_%28st%2fbfoc%29_firmware:4.5, cpe:/o:siemens:scalance_xb205-3_%28sc%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_xc216-4c_g_eec_firmware:4.5, cpe:/o:siemens:scalance_xm408-4c_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_wam766-1_eec_firmware:3.0.0, cpe:/o:siemens:simatic_s7-1500_cpu_firmware:3.1.0, cpe:/o:siemens:scalance_wum763-1_firmware:3.0.0, cpe:/o:siemens:scalance_xb213-3ld_%28sc%2c_e%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_2x230v_firmware:6.6.1, cpe:/o:siemens:simatic_cp_1543sp-1_firmware:2.3, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:2.3, cpe:/o:siemens:scalance_xc224-4c_g_eec_firmware:4.5, cpe:/o:siemens:scalance_xb213-3ld_%28sc%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_xp208_%28ethernet%2fip%29_firmware:4.5, cpe:/o:siemens:simatic_s7-1500_cpu_firmware, cpe:/o:siemens:scalance_xr328-4c_wg_%2824xfe%2c_4xge%2cdc24v%29_firmware:4.5, cpe:/o:siemens:scalance_xr328-4c_wg_%2828xge%2c_dc_24v%29_firmware:4.5, cpe:/o:siemens:scalance_xr526-8c%2c_24v_firmware:6.6.1, cpe:/o:siemens:scalance_xm408-8c_firmware:6.6.1, cpe:/o:siemens:scalance_xr526-8c%2c_1x230v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:simatic_drive_controller_cpu_firmware:3.0.3, cpe:/o:siemens:simatic_et_200pro_im_154-8fx_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:siplus_et_200s_im_151-8_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xr324wg_%2824_x_fe%2c_ac_230v%29_firmware:4.5, cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:2.3, cpe:/o:siemens:scalance_wam763-1_%28us%29_firmware:3.0.0, cpe:/o:siemens:simatic_et_200pro_im_154-8_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xb213-3_%28st%2c_e%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_1x230v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xb205-3_%28st%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_xc206-2sfp_eec_firmware:4.5, cpe:/o:siemens:siplus_s7-300_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xr328-4c_wg_%2828xge%2c_ac_230v%29_firmware:4.5, cpe:/o:siemens:scalance_xr524-8c%2c_24v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xc216-3g_poe_firmware:4.5, cpe:/o:siemens:siplus_net_scalance_xc206-2_firmware:4.5, cpe:/o:siemens:scalance_xb213-3_%28st%2c_pn%29_firmware:4.5, cpe:/o:siemens:scalance_wum766-1_%28me%29_firmware:3.0.0, cpe:/o:siemens:scalance_wum766-1_%28usa%29_firmware:3.0.0, cpe:/o:siemens:scalance_xc224_firmware:4.5, cpe:/o:siemens:scalance_xf204-2ba_dna_firmware:4.5, cpe:/o:siemens:simatic_s7-1500_cpu_firmware:2.9.7, cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.3.19, cpe:/o:siemens:scalance_xc216-4c_firmware:4.5, cpe:/o:siemens:simatic_s7-300_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xc224-4c_g_%28eip_def.%29_firmware:4.5, cpe:/o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:21, cpe:/o:siemens:siplus_s7-1500_cpu_firmware:2.9.7, cpe:/o:siemens:scalance_xc216-3g_poe_%2854_v_dc%29_firmware:4.5, cpe:/o:siemens:scalance_wub762-1_firmware:3.0.0, cpe:/o:siemens:scalance_wam766-1_firmware:3.0.0, cpe:/o:siemens:scalance_xr528-6m_%282hr2%2c_l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xb208_%28pn%29_firmware:4.5, cpe:/o:siemens:scalance_xb205-3_%28st%2c_e%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xb208_%28e%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xm416-4c_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:simatic_s7-1500_tm_mfp, cpe:/o:siemens:simatic_cp_1542sp-1_firmware:2.3, cpe:/o:siemens:scalance_xc208eec_firmware:4.5, cpe:/o:siemens:siplus_net_scalance_xc216-4c_firmware:4.5, cpe:/o:siemens:scalance_wam763-1_firmware:3.0.0, cpe:/o:siemens:scalance_xc208g_eec_firmware:4.5, cpe:/o:siemens:scalance_xc206-2_%28sc%29_firmware:4.5, cpe:/o:siemens:scalance_wam766-1_%28us%29_firmware:3.0.0, cpe:/o:siemens:scalance_xc216eec_firmware:4.5, cpe:/o:siemens:scalance_xr526-8c%2c_24v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_w1750d_%28jp%29_firmware:8.10.0.9, cpe:/o:siemens:scalance_wab762-1_firmware:3.0.0, cpe:/o:siemens:scalance_xp208eec_firmware:4.5, cpe:/o:siemens:scalance_xp216_%28ethernet%2fip%29_firmware:4.5, cpe:/o:siemens:scalance_xc208g_poe_firmware:4.5, cpe:/o:siemens:simatic_s7-1500_et_200pro_cpu_firmware:2.9.7, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:2.3, cpe:/o:siemens:scalance_xc216-4c_g_firmware:4.5, cpe:/o:siemens:scalance_xr526-8c%2c_1x230v_firmware:6.6.1, cpe:/o:siemens:scalance_w1750d_%28usa%29_firmware:8.10.0.9, cpe:/o:siemens:scalance_xc206-2g_poe_eec_%2854_v_dc%29_firmware:4.5, cpe:/o:siemens:siplus_et_200sp_cpu_firmware:2.9.7, cpe:/o:siemens:scalance_xc216-4c_g_%28eip_def.%29_firmware:4.5, cpe:/o:siemens:scalance_wam763-1_%28me%29_firmware:3.0.0, cpe:/o:siemens:scalance_xb216_%28e%2fip%29_firmware:4.5, cpe:/o:siemens:siplus_net_scalance_xc208_firmware:4.5, cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware:2.3, cpe:/o:siemens:scalance_xr326-2c_poe_wg_firmware:4.5, cpe:/o:siemens:simatic_s7-1200_cpu_series_firmware, cpe:/o:siemens:scalance_xf204-2ba_firmware:4.5, cpe:/o:siemens:scalance_xr552-12m_%282hr2%2c_l3_int.%29_firmware:6.6.1, cpe:/o:siemens:scalance_xr328-4c_wg_%2824xfe%2c4xge%2cac230v%29_firmware:4.5, cpe:/o:siemens:scalance_wum766-1_firmware:3.0.0, cpe:/o:siemens:simatic_s7-1500_cpu_firmware:3.0.3, cpe:/o:siemens:scalance_xc206-2sfp_firmware:4.5, cpe:/o:siemens:scalance_xb213-3_%28sc%2c_e%2fip%29_firmware:4.5, cpe:/o:siemens:simatic_et_200s_im_151-8f_pn%2fdp_cpu_firmware:3.2.19, cpe:/o:siemens:scalance_xm408-4c_firmware:6.6.1, cpe:/o:siemens:scalance_xr526-8c%2c_2x230v_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:30, cpe:/o:siemens:scalance_xr528-6m_firmware:6.6.1, cpe:/o:siemens:scalance_wam766-1_eec_%28us%29_firmware:3.0.0, cpe:/o:siemens:scalance_xr528-6m_%28l3_int.%29_firmware:6.6.1, cpe:/o:siemens:simatic_drive_controller_cpu_firmware:2.9.7
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 3/14/2023
Reference Information
CVE: CVE-2022-4304