Detections
Analytics
Siemens Industrial Devices using libcurl Use After Free (CVE-2021-22924)
low Tenable OT Security Plugin ID 501053
Synopsis
The remote OT asset is affected by a vulnerability.Description
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not yet available.
- RUGGEDCOM RM1224, SCALANCE M804PB, SCALANCE M812-1, SCALANCE M816-1, SCALANCE M826-2, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-4, SCALANCE MUM856-1, and SCALANCE S615: Update to v7.1 or later
- SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1: Update to v3.0.22 or later
- SIMATIC RTU3010C, SIMATIC RTU3030C, SIMATIC RTU3031C, and SIMATIC RTU3041C: Update to v5.0 or later
- SIMATIC CP 1242-7 V2, SIMATIC CP 1243-1, SIMATIC CP 1243-7 LTE EU, SIMATIC CP 1243-7 LTE US, SIMATIC CP 1243-8 IRC, SIPLUS NET CP 1242-7 V2, SIPLUS S7-1200 CP 1243-1, and SIPLUS S7-1200 CP 1243-1 RAIL: Update to V3.3.46 or later
- SIMATIC CP 1545-1: Update to v1.1 or later version
- SINEMA Remote Connect Client: Update to v3.1 or later version
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and to follow the recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For additional information, please refer to Siemens Security Advisory SSA-732250
See Also
https://hackerone.com/reports/1223565
http://www.nessus.org/u?1527c2f4
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
http://www.nessus.org/u?a7de169c
http://www.nessus.org/u?d9e232d6
http://www.nessus.org/u?8ad28351
http://www.nessus.org/u?8c671f18
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.cisa.gov/news-events/ics-advisories/icsa-22-132-13
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://www.debian.org/security/2022/dsa-5197
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-17
Plugin Details
Severity: Low
ID: 501053
Version: 1.7
Type: remote
Family: Tenable.ot
Published: 4/11/2023
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2021-22924
CVSS v3
Risk Factor: Low
Base Score: 3.7
Temporal Score: 3.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:scalance_mum856-1_firmware, cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_nam_firmware, cpe:/o:siemens:scalance_m874-3_firmware, cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_eu_firmware, cpe:/o:siemens:logo%21_cmr2040_firmware, cpe:/o:siemens:scalance_m812-1_adsl-router_firmware, cpe:/o:siemens:siplus_s7-1200_cp_1243-1_firmware, cpe:/o:siemens:simatic_cp_1242-7_v2_firmware, cpe:/o:siemens:scalance_m826-2_shdsl-router_firmware, cpe:/o:siemens:logo%21_cmr2020_firmware, cpe:/o:siemens:simatic_cp_1243-7_lte_eu_firmware, cpe:/o:siemens:scalance_m816-1_adsl-router_firmware, cpe:/o:siemens:simatic_cp_1545-1_firmware, cpe:/o:siemens:simatic_cp_1243-7_lte_us_firmware, cpe:/o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware, cpe:/o:siemens:scalance_m874-2_firmware, cpe:/o:siemens:scalance_m876-3_firmware, cpe:/o:siemens:siplus_net_cp_1543-1_firmware, cpe:/o:siemens:scalance_m876-4_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:simatic_cp_1243-8_irc_firmware, cpe:/o:siemens:simatic_cp_1243-1_firmware, cpe:/o:siemens:siplus_net_cp_1242-7_v2_firmware, cpe:/o:siemens:scalance_m804pb_firmware, cpe:/o:siemens:simatic_cp_1543-1_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/5/2021
Vulnerability Publication Date: 8/5/2021
Reference Information
CVE: CVE-2021-22924