Siemens SCALANCE LPE9403 Improper Preservation of Permissions (CVE-2022-0847)

Severity: High. Tenable OT Security Plugin ID 500996

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in the Linux kernel: the flags member of the new pipe buffer structure lacked proper initialization in the copy_page_to_iter_pipe and push_pipe functions and could therefore contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and thereby escalate their privileges on the system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends users of the affected product update to Version 2.0 or later.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information, see Siemens Security Advisory SSA-222547.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=2060795

https://dirtypipe.cm4all.com/

http://www.nessus.org/u?8a5eca59

http://www.nessus.org/u?cdc2345d

http://www.nessus.org/u?a2a64eb8

https://www.suse.com/support/kb/doc/?id=000020603

https://security.netapp.com/advisory/ntap-20220325-0005/

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015

Plugin Details

Severity: High

ID: 500996

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 4/11/2023

Updated: 1/15/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-0847

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_lpe9403_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/10/2022

Vulnerability Publication Date: 3/10/2022

CISA Known Exploited Vulnerability Due Dates: 5/16/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Dirty Pipe Local Privilege Escalation via CVE-2022-0847)

Reference Information

CVE: CVE-2022-0847

CWE: 665