Siemens SICAM MMU, SICAM T, and SICAM SGU Buffer Copy Without Checking Size of Input (CVE-2020-10042)

critical Tenable OT Security Plugin ID 500409

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates, where available:

- SICAM MMU: Update to v2.05
- SICAM SGU: For RTU applications, upgrade the discontinued SICAM SGU devices to SICAM A8000 RTUs.
- SICAM T: Update to v2.18

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:

- The firmware updates to SICAM T and SICAM MMU introduce authentication to the web application and remove some unnecessary functionality. The web authentication functionality reduces the risk of access to the device’s web application for executing administrative commands by unauthenticated users.
- Due to hardware constraints, encryption is not possible on the devices. Confidential data such as passwords handled by the devices need to be protected on the network by other means, e.g., by VPN.
- The risk for remote code execution and unauthenticated firmware installation can be mitigated by ensuring encryption and authentication between the user and the device, e.g., by VPN.
- Use a modern and up to date browser.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-305120

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-20-196-03

Plugin Details

Severity: Critical

ID: 500409

Version: 1.11

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-10042

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:sicam_mmu_firmware, cpe:/o:siemens:sicam_t_firmware, cpe:/o:siemens:sicam_sgu_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 7/14/2020

Reference Information

CVE: CVE-2020-10042

CWE: 120

ICSA: 20-196-03