Siemens SIPROTEC 5 Devices Uncontrolled Resource Consumption (CVE-2022-45044)

medium Tenable OT Security Plugin ID 500719

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

- Restrict access to ports 443/TCP and 4443/TCP to trusted only IP addresses.

Operators of critical power systems worldwide are usually required by regulations to build resilience into power grids by applying multi-level redundant secondary protection schemes. Therefore, Siemens recommends operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update prior to application, and supervision by trained staff of the update process in the target environment.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and to follow the recommendations in the product manuals. For more information, see the associated Siemens security advisory SSA-408105 in HTML and CSAF.

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-11

Plugin Details

Severity: Medium

ID: 500719

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 1/5/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-45044

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:siprotec_5_6md89_firmware:-, cpe:/o:siemens:siprotec_5_7sl87_firmware:-, cpe:/o:siemens:siprotec_5_7sk82_firmware:-, cpe:/o:siemens:siprotec_5_7vk87_firmware:-, cpe:/o:siemens:siprotec_5_7sd86_firmware:-, cpe:/o:siemens:siprotec_5_7sj85_firmware:-, cpe:/o:siemens:siprotec_5_7sj86_firmware:-, cpe:/o:siemens:siprotec_5_7ut82_firmware:-, cpe:/o:siemens:siprotec_5_compact_7sx800_firmware:-, cpe:/o:siemens:siprotec_5_7sd82_firmware:-, cpe:/o:siemens:siprotec_5_7sl86_firmware:-, cpe:/o:siemens:siprotec_5_7sa86_firmware:-, cpe:/o:siemens:siprotec_5_7ut85_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethbb2fo_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethbd2fo_firmware:-, cpe:/o:siemens:siprotec_5_7ss85_firmware:-, cpe:/o:siemens:siprotec_5_7sx85_firmware:-, cpe:/o:siemens:siprotec_5_7sa87_firmware:-, cpe:/o:siemens:siprotec_5_7sj81_firmware:-, cpe:/o:siemens:siprotec_5_7sj82_firmware:-, cpe:/o:siemens:siprotec_5_7um85_firmware:-, cpe:/o:siemens:siprotec_5_7ut86_firmware:-, cpe:/o:siemens:siprotec_5_communication_module_ethba2el_firmware:-, cpe:/o:siemens:siprotec_5_7sk85_firmware:-, cpe:/o:siemens:siprotec_5_7ke85_firmware:-, cpe:/o:siemens:siprotec_5_7sl82_firmware:-, cpe:/o:siemens:siprotec_5_6md85_firmware:-, cpe:/o:siemens:siprotec_5_7st85_firmware:-, cpe:/o:siemens:siprotec_5_7ve85_firmware:-, cpe:/o:siemens:siprotec_5_6md86_firmware:-, cpe:/o:siemens:siprotec_5_7sd87_firmware:-, cpe:/o:siemens:siprotec_5_6mu85_firmware:-, cpe:/o:siemens:siprotec_5_7ut87_firmware:-, cpe:/o:siemens:siprotec_5_7sa82_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2022

Vulnerability Publication Date: 12/13/2022

Reference Information

CVE: CVE-2022-45044

CWE: 400

ICSA: 22-349-11