Siemens 44x-1 RNA CP Remote Administrative Action Execution

high Nessus Network Monitor Plugin ID 153

Synopsis

A Siemens 44x-1 RNA Communication Processor (CP) has been detected that can allow an unauthenticated remote attacker to perform administrative actions

Description

Siemens 44x-1 RNA Communication Processors (CP), for all versions prior to 1.4.1, has a flaw that can allow an unauthenticated remote attacker to perform adminstrative actions if network access to port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.

Solution

Siemens provides a firmware update V1.4.1 for SIMATIC CP 44x-1 RNA modules which fixes the vulnerability

Plugin Details

Severity: High

ID: 153

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:siemens:simatic_cp_44x-1_redundant_network_access_modules

Patch Publication Date: 6/20/2017

Vulnerability Publication Date: 6/20/2017

Reference Information

CVE: CVE-2017-6868

BID: 99234

Detections

Analytics