Siemens OpenSSL in Industrial Products (CVE-2021-3449)

medium Tenable OT Security Plugin ID 500504

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.
OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest versions available.
Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available. Please see Siemens SSA-772220 to determine if there is an update available.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security, and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens.

Additional Reference: SSA-772220 (PDF)

Additional Reference: SSA-772220 (TXT)

Additional Reference: SSA-772220 (CSAF)

See Also

http://www.nessus.org/u?6aafb4b2

https://www.openssl.org/news/secadv/20210325.txt

http://www.nessus.org/u?8a21cd9d

https://www.debian.org/security/2021/dsa-4875

https://security.netapp.com/advisory/ntap-20210326-0006/

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc

http://www.openwall.com/lists/oss-security/2021/03/27/1

http://www.openwall.com/lists/oss-security/2021/03/27/2

http://www.openwall.com/lists/oss-security/2021/03/28/3

http://www.openwall.com/lists/oss-security/2021/03/28/4

https://security.gentoo.org/glsa/202103-03

https://www.tenable.com/security/tns-2021-06

https://www.tenable.com/security/tns-2021-05

http://www.nessus.org/u?9e6d325e

https://kc.mcafee.com/corporate/index?page=content&id=SB10356

https://www.tenable.com/security/tns-2021-09

https://security.netapp.com/advisory/ntap-20210513-0002/

https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-05

https://www.tenable.com/security/tns-2021-10

https://www.oracle.com/security-alerts/cpuApr2021.html

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013

https://www.oracle.com//security-alerts/cpujul2021.html

https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujul2022.html

Plugin Details

Severity: Medium

ID: 500504

Version: 1.10

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-3449

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware, cpe:/o:siemens:scalance_xr524-8c_firmware, cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware, cpe:/o:siemens:ruggedcom_rcm1224_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware, cpe:/o:siemens:scalance_sc-600_firmware, cpe:/o:siemens:scalance_xf-200ba_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware, cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware, cpe:/o:siemens:simatic_net_cp1243-7_lte_eu_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware, cpe:/o:siemens:scalance_xm-400_firmware, cpe:/o:siemens:scalance_w700_firmware, cpe:/o:siemens:scalance_xb-200_firmware, cpe:/o:siemens:scalance_xr552-12_firmware, cpe:/o:siemens:scalance_xc-200_firmware, cpe:/o:siemens:scalance_xr-300wg_firmware, cpe:/o:siemens:simatic_net_cp_1543-1_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware, cpe:/o:siemens:scalance_lpe9403_firmware, cpe:/o:siemens:scalance_s623_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware, cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware, cpe:/o:siemens:scalance_w1700_firmware, cpe:/o:siemens:scalance_xr526-8c_firmware, cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-, cpe:/o:siemens:scalance_s612_firmware, cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware, cpe:/o:siemens:simatic_net_cp1243-7_lte_us_firmware, cpe:/o:siemens:simatic_net_cp_1243-1_firmware, cpe:/o:siemens:scalance_s627-2m_firmware, cpe:/o:siemens:simatic_net_cp_1545-1_firmware, cpe:/o:siemens:scalance_xp-200_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:scalance_m-800_firmware, cpe:/o:siemens:scalance_xr528-6m_firmware, cpe:/o:siemens:scalance_s602_firmware, cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/25/2021

Vulnerability Publication Date: 3/25/2021

Reference Information

CVE: CVE-2021-3449

CWE: 476

DSA: DSA-4875

FEDORA: FEDORA-2021-cbf14ab8f9

GLSA: GLSA-202103-03

ICSA: 22-104-05