Siemens S7 Heartbleed (CVE-2014-0160)

Severity: High. Tenable OT Security Plugin ID: 500424

Synopsis

The remote OT asset is affected by an information disclosure vulnerability (Heartbleed, CVE-2014-0160).

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory (the Siemens ProductCERT advisory SSA-635659 is linked under See Also).

See Also

https://code.google.com/p/mod-spdy/issues/detail?id=85

http://www.exploit-db.com/exploits/32745

http://www.kb.cert.org/vuls/id/720951

https://www.cert.fi/en/reports/2014/vulnerability788210.html

http://www.exploit-db.com/exploits/32764

http://secunia.com/advisories/57836

https://gist.github.com/chapmajs/10473815

http://www.nessus.org/u?8376305c

http://cogentdatahub.com/ReleaseNotes.html

http://marc.info/?l=bugtraq&m=139905458328378&w=2

http://marc.info/?l=bugtraq&m=139869891830365&w=2

http://marc.info/?l=bugtraq&m=139889113431619&w=2

http://www.nessus.org/u?ddfe97e6

http://www.kerio.com/support/kerio-control/release-history

http://www.nessus.org/u?dcfb51d7

http://advisories.mageia.org/MGASA-2014-0165.html

http://www.nessus.org/u?337f7a06

http://www.nessus.org/u?7de2f8eb

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

https://filezilla-project.org/versions.php?type=server

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www.nessus.org/u?dcdcb279

http://marc.info/?l=bugtraq&m=141287864628122&w=2

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://www.nessus.org/u?c46d757d

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://marc.info/?l=bugtraq&m=139817727317190&w=2

http://marc.info/?l=bugtraq&m=139757726426985&w=2

http://marc.info/?l=bugtraq&m=139758572430452&w=2

http://marc.info/?l=bugtraq&m=139905653828999&w=2

http://marc.info/?l=bugtraq&m=139842151128341&w=2

http://marc.info/?l=bugtraq&m=139905405728262&w=2

http://marc.info/?l=bugtraq&m=139833395230364&w=2

http://marc.info/?l=bugtraq&m=139824993005633&w=2

http://marc.info/?l=bugtraq&m=139843768401936&w=2

http://marc.info/?l=bugtraq&m=139905202427693&w=2

http://marc.info/?l=bugtraq&m=139774054614965&w=2

http://marc.info/?l=bugtraq&m=139889295732144&w=2

http://marc.info/?l=bugtraq&m=139835815211508&w=2

http://marc.info/?l=bugtraq&m=140724451518351&w=2

http://marc.info/?l=bugtraq&m=139808058921905&w=2

http://marc.info/?l=bugtraq&m=139836085512508&w=2

http://marc.info/?l=bugtraq&m=139869720529462&w=2

http://marc.info/?l=bugtraq&m=139905868529690&w=2

http://marc.info/?l=bugtraq&m=139765756720506&w=2

http://marc.info/?l=bugtraq&m=140015787404650&w=2

http://marc.info/?l=bugtraq&m=139824923705461&w=2

http://marc.info/?l=bugtraq&m=139757919027752&w=2

http://marc.info/?l=bugtraq&m=139774703817488&w=2

http://marc.info/?l=bugtraq&m=139905243827825&w=2

http://marc.info/?l=bugtraq&m=140075368411126&w=2

http://marc.info/?l=bugtraq&m=139905295427946&w=2

http://marc.info/?l=bugtraq&m=139835844111589&w=2

http://marc.info/?l=bugtraq&m=139757819327350&w=2

http://marc.info/?l=bugtraq&m=139817685517037&w=2

http://marc.info/?l=bugtraq&m=139905351928096&w=2

http://marc.info/?l=bugtraq&m=139817782017443&w=2

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://www.nessus.org/u?bd05ca98

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

http://www.nessus.org/u?bc543587

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

http://secunia.com/advisories/59347

http://secunia.com/advisories/59243

http://secunia.com/advisories/59139

http://www.nessus.org/u?f68d352b

http://www.nessus.org/u?31a74a0b

http://www.nessus.org/u?b7354398

http://support.citrix.com/article/CTX140605

http://www.ubuntu.com/usn/USN-2165-1

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.nessus.org/u?b3e9d2b8

http://www.nessus.org/u?a6abc3fa

http://www.nessus.org/u?e09c159e

http://www.nessus.org/u?3aa4af59

http://www.nessus.org/u?37006736

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

http://www.nessus.org/u?1c45738a

http://www.nessus.org/u?38336169

http://www.nessus.org/u?8f4e30e1

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

http://www.openssl.org/news/secadv_20140407.txt

http://heartbleed.com/

http://www.securitytracker.com/id/1030078

http://seclists.org/fulldisclosure/2014/Apr/109

http://seclists.org/fulldisclosure/2014/Apr/190

http://www.nessus.org/u?bb05d3e3

http://www.nessus.org/u?3053dc8b

http://rhn.redhat.com/errata/RHSA-2014-0376.html

http://rhn.redhat.com/errata/RHSA-2014-0396.html

http://www.securitytracker.com/id/1030082

http://secunia.com/advisories/57347

http://marc.info/?l=bugtraq&m=139722163017074&w=2

http://www.securitytracker.com/id/1030077

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

http://www.debian.org/security/2014/dsa-2896

http://rhn.redhat.com/errata/RHSA-2014-0377.html

http://www.securitytracker.com/id/1030080

http://www.nessus.org/u?93cd0f79

http://www.securitytracker.com/id/1030074

http://seclists.org/fulldisclosure/2014/Apr/90

http://www.securitytracker.com/id/1030081

http://www.nessus.org/u?4f211d28

http://rhn.redhat.com/errata/RHSA-2014-0378.html

http://seclists.org/fulldisclosure/2014/Apr/91

http://secunia.com/advisories/57483

http://www.splunk.com/view/SP-CAAAMB3

http://www.nessus.org/u?d79cd294

http://www.securitytracker.com/id/1030079

http://www.nessus.org/u?8e93b1c3

http://secunia.com/advisories/57721

http://www.blackberry.com/btsc/KB35882

http://www.securitytracker.com/id/1030026

http://www.nessus.org/u?22274a45

http://www.securityfocus.com/bid/66690

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://www.us-cert.gov/ncas/alerts/TA14-098A

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

http://secunia.com/advisories/57966

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

http://seclists.org/fulldisclosure/2014/Apr/173

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://secunia.com/advisories/57968

Plugin Details

Severity: High

ID: 500424

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 8/24/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-0160

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:cp_1543-1_firmware:1.1, cpe:/o:siemens:simatic_s7-1500t_firmware:1.5, cpe:/o:siemens:simatic_s7-1500_firmware:1.5

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/7/2014

Vulnerability Publication Date: 4/7/2014

CISA Known Exploited Vulnerability Due Dates: 5/25/2022

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160

CWE: 125

CERT: TA14-098A

DSA: DSA-2896

FEDORA: FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-9308

HP: HPSBGN03008, HPSBGN03010, HPSBGN03011, HPSBHF03021, HPSBHF03136, HPSBMU02994, HPSBMU02995, HPSBMU02997, HPSBMU02998, HPSBMU02999, HPSBMU03009, HPSBMU03012, HPSBMU03013, HPSBMU03017, HPSBMU03018, HPSBMU03019, HPSBMU03020, HPSBMU03022, HPSBMU03023, HPSBMU03024, HPSBMU03025, HPSBMU03028, HPSBMU03029, HPSBMU03030, HPSBMU03032, HPSBMU03033, HPSBMU03037, HPSBMU03040, HPSBMU03044, HPSBMU03062, HPSBPI03014, HPSBPI03031, HPSBST03000, HPSBST03001, HPSBST03004, HPSBST03015, HPSBST03016, HPSBST03027, SSRT101846

RHSA: RHSA-2014:0376, RHSA-2014:0377, RHSA-2014:0378, RHSA-2014:0396

SECUNIA: 57347, 57483, 57721, 57836, 57966, 57968, 59139, 59243, 59347

SuSE: SUSE-SA:2014:002, openSUSE-SU-2014:0492, openSUSE-SU-2014:0560

USN: USN-2165-1