Detections
Analytics
Siemens LOGO! CMR and SIMATIC RTU 3000 Incorrect Calculation of Buffer Size (CVE-2020-36475)
high Tenable OT Security Plugin ID 501676
Synopsis
The remote OT asset is affected by a vulnerability.Description
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie- Hellman key pairs.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.For LOGO! CMR2020, Siemens recommends affected users update to v2.2 or later. For LOGO! CMR2040, Siemens recommends affected users update to v2.2 or later.
For the SIMATIC RTU 3000 family, Siemens recommends affected users use the certificate projection feature to pin the valid certificates of external servers providing services to the RTU/CMR devices. Refer to the product manual for further information.
See Also
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://www.cisa.gov/news-events/ics-advisories/icsa-21-257-20
Plugin Details
Severity: High
ID: 501676
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 9/21/2023
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2020-36475
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:logo%21_cmr2020_firmware, cpe:/o:siemens:logo%21_cmr2040_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 8/23/2021
Vulnerability Publication Date: 8/23/2021
Reference Information
CVE: CVE-2020-36475
CWE: 131
ICSA: 21-257-20