Detections
Analytics

Siemens SIMATIC S7-1500 Truncation of Security-relevant Information (CVE-2023-48795)

medium Tenable OT Security Plugin ID 502223

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message. A client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

- Only build and run applications from trusted sources

Product-specific remediations or mitigations can be found in the section 'Affected Products and Solution' of the vendor advisory.

For more information, see the associated Siemens security advisory in HTML and CSAF.

See Also

https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-04

https://cert-portal.siemens.com/productcert/html/ssa-794697.html

https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Plugin Details

Severity: Medium

ID: 502223

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 4/22/2024

Updated: 9/19/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-48795

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:simatic_s7-1500_tm_mfp, cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware, cpe:/o:siemens:simatic_s7-1500_cpu_1518f-4_pn%2fdp_mfp_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/9/2024

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2023-48795

ICSA: 24-102-04