Siemens Industrial Products LLDP Uncontrolled Resource Consumption (CVE-2020-27827)

high Tenable OT Security Plugin ID 501104

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for the following products:

- SIMATIC HMI Unified Comfort Panels: Update to v17 or later
- TIM 1531 IRC (incl. SIPLUS NET variants): Update to v2.2 or later
- SIMATIC NET CP 1545-1: Update to v1.1 or later

- SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): Update to v3.3.46 or later
- SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): Update to v3.3.46 or later

- SIMATIC CP 1243-1 (incl. SIPLUS variants) (6GK7243-1BX30-0XE0): Update to v3.3.46 or later
- SIMATIC NET CP 1243-8 IRC (6GK7243-8RX30-0XE0): Update to v3.3.46 or later
- SINUMERIK ONE MCP: Update to v2.0.1 or later. Please contact a Siemens representative for information on how to obtain the update.
- SIMATIC NET CP 1543-1: Update to v3.0 or later

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Disable LLDP protocol support on Ethernet port. This will potentially disrupt the network visibility.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens Operational Guidelines for Industrial Security and following the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

Please see Siemens Security Advisory SSA-941426 for more information.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1921438

http://www.nessus.org/u?3b388ce3

https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07

http://www.nessus.org/u?07bb5e91

http://www.nessus.org/u?8cd78877

http://www.nessus.org/u?c22f2553

Plugin Details

Severity: High

ID: 501104

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 5/2/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-27827

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_net_cp_1545-1_firmware:-, cpe:/o:siemens:simatic_net_cp_1542sp-1_firmware:-, cpe:/o:siemens:simatic_net_cp_1543sp-1_firmware:-, cpe:/o:siemens:simatic_net_cp_1543-1_firmware:-, cpe:/o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-, cpe:/o:siemens:simatic_net_cp_1243-1_firmware:-, cpe:/o:siemens:simatic_net_cp_1243-8_irc_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 3/18/2021

Vulnerability Publication Date: 3/18/2021

Reference Information

CVE: CVE-2020-27827