Detections
Analytics
Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0466)
medium Tenable OT Security Plugin ID 502325
Synopsis
The remote OT asset is affected by a vulnerability.Description
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function.
Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:- Only build and run applications from trusted sources.
See Also
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://cert-portal.siemens.com/productcert/html/ssa-879734.html
https://cert-portal.siemens.com/productcert/html/ssa-625862.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
https://www.openssl.org/news/secadv/20230207.txt
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
Plugin Details
Severity: Medium
ID: 502325
Version: 1.1
Type: remote
Family: Tenable.ot
Published: 7/23/2024
Updated: 7/23/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Information
CPE: cpe:/o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware, cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:scalance_xm416-4c_firmware, cpe:/o:siemens:scalance_xr524-8c_firmware, cpe:/o:siemens:simatic_cp_1543sp-1_firmware, cpe:/o:siemens:scalance_xm408-4c_firmware, cpe:/o:siemens:simatic_s7-1500_tm_mfp, cpe:/o:siemens:simatic_cp_1542sp-1_firmware, cpe:/o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware, cpe:/o:siemens:scalance_xr526-8c_firmware, cpe:/o:siemens:scalance_xm408-8c_firmware, cpe:/o:siemens:scalance_xr552-12m_firmware, cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware, cpe:/o:siemens:scalance_xr528-6m_firmware
Required KB Items: Tenable.ot/Siemens
Patch Publication Date: 1/10/2023
Vulnerability Publication Date: 1/10/2023
Reference Information
CVE: CVE-2023-0466
CWE: 326