Detections
Analytics
Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0465)
medium Tenable OT Security Plugin ID 502323
Synopsis
The remote OT asset is affected by a vulnerability.Description
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether.
Policy processing is disabled by default but can be enabled by passing the '-policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies() function.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:- Only build and run applications from trusted sources.
See Also
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://cert-portal.siemens.com/productcert/html/ssa-879734.html
https://cert-portal.siemens.com/productcert/html/ssa-625862.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
https://www.openssl.org/news/secadv/20230207.txt
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
Plugin Details
Severity: Medium
ID: 502323
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 7/23/2024
Updated: 7/23/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Information
CPE: cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware, cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:scalance_xm416-4c_firmware, cpe:/o:siemens:scalance_xr524-8c_firmware, cpe:/o:siemens:simatic_cp_1543sp-1_firmware, cpe:/o:siemens:scalance_xm408-4c_firmware, cpe:/o:siemens:simatic_s7-1500_tm_mfp, cpe:/o:siemens:simatic_cp_1542sp-1_firmware, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware, cpe:/o:siemens:scalance_xr526-8c_firmware, cpe:/o:siemens:scalance_xm408-8c_firmware, cpe:/o:siemens:scalance_xr552-12m_firmware, cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware, cpe:/o:siemens:scalance_xr528-6m_firmware
Required KB Items: Tenable.ot/Siemens
Patch Publication Date: 1/10/2023
Vulnerability Publication Date: 1/10/2023
Reference Information
CVE: CVE-2023-0465
CWE: 326