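Siemens SIPROTEC 5 Devices NULL Pointer Dereference

Severity: High. Tenable OT Security Plugin ID: 501142

Synopsis

The remote OT asset is affected by a vulnerability.

Description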

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All 
versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of web service request parameters. An unauthenticated remote attacker could send specially crafted packets that could cause a denial of service condition on the target device.

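This plugin only works with Tenable.ot.
Please visit https://www.yyueer.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available.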

SIPROTEC 5 6MD85
SIPROTEC 5 6MD86
SIPROTEC 5 6MU85
SIPROTEC 5 7KE85
SIPROTEC 5 7SA82
SIPROTEC 5 7SA86
SIPROTEC 5 7SA87
SIPROTEC 5 7SD82
SIPROTEC 5 7SD86
SIPROTEC 5 7SD87
SIPROTEC 5 7SJ81
SIPROTEC 5 7SJ82
SIPROTEC 5 7SJ85
SIPROTEC 5 7SJ86
SIPROTEC 5 7SK82
SIPROTEC 5 7SK85
SIPROTEC 5 7SL82
SIPROTEC 5 7SL86
SIPROTEC 5 7SL87 (CP300): Update to v9.40 or later
SIPROTEC 5 7SS85
SIPROTEC 5 7ST86
SIPROTEC 5 7SX82
SIPROTEC 5 7SX85
SIPROTEC 5 7UM85
SIPROTEC 5 7UT82
SIPROTEC 5 7UT85
SIPROTEC 5 7UT86
SIPROTEC 5 7UT87
SIPROTEC 5 7VE85
SIPROTEC 5 7VK87
SIPROTEC 5 7VU85
SIPROTEC 5 Communication Module ETH-BA-2EL: Update to v9.40 or later
SIPROTEC 5 Communication Module ETH-BB-2FO: Update to v9.40 or later
SIPROTEC 5 Communication Module ETH-BD-2FO: Update to v9.40 or later
SIPROTEC 5 7SX800 (CP050): Update to v9.40 or later

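Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risk:

Block access to port 4443/TCP with an external firewall

Regulations for critical power systems worldwide usually require multi-level redundant secondary protection schemes to build resilience into power grids. Operators are advised to check whether appropriate resilient protection measures are in place, to minimize the risk of cyber incidents impacting grid reliability.

Siemens recommends that operators:

Apply the provided security updates using the tooling and documented procedures made available with the product.
Automate security updates across multiple product instances.
Validate any security update before applying it. It is recommended that the update process be carried out under the supervision of trained staff in the target environment.
Protect network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN).

To operate the devices in a protected IT environment, it is recommended to configure the environment according to Siemens' operational guidelines.

Recommended security guidelines can be found on the Siemens grid security web page.

For more information, see the associated Siemens security advisory in HTML and CSAF.

See Also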

https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-06

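Plugin Details

Severity: High

ID: 501142

Version: 1.2

Type: Remote

Family: Tenable.ot

Published: 5/16/2023

Updated: 7/24/2023

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-28766

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information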

CPE: cpe:/o:siemens:siprotec_5_6md85_firmware,cpe:/o:siemens:siprotec_5_6md86_firmware,cpe:/o:siemens:siprotec_5_6md89_firmware,cpe:/o:siemens:siprotec_5_6mu85_firmware,cpe:/o:siemens:siprotec_5_7ke85_firmware,cpe:/o:siemens:siprotec_5_7sa82_firmware,cpe:/o:siemens:siprotec_5_7sa86_firmware,cpe:/o:siemens:siprotec_5_7sa87_firmware,cpe:/o:siemens:siprotec_5_7sd82_firmware,cpe:/o:siemens:siprotec_5_7sd86_firmware,cpe:/o:siemens:siprotec_5_7sd87_firmware,cpe:/o:siemens:siprotec_5_7sj81_firmware,cpe:/o:siemens:siprotec_5_7sj82_firmware,cpe:/o:siemens:siprotec_5_7sj85_firmware,cpe:/o:siemens:siprotec_5_7sj86_firmware,cpe:/o:siemens:siprotec_5_7sk82_firmware,cpe:/o:siemens:siprotec_5_7sk85_firmware,cpe:/o:siemens:siprotec_5_7sl82_firmware,cpe:/o:siemens:siprotec_5_7sl86_firmware,cpe:/o:siemens:siprotec_5_7sl87_firmware,cpe:/o:siemens:siprotec_5_7ss85_firmware,cpe:/o:siemens:siprotec_5_7st85_firmware,cpe:/o:siemens:siprotec_5_7st86_firmware,cpe:/o:siemens:siprotec_5_7sx82_firmware,cpe:/o:siemens:siprotec_5_7sx85_firmware,cpe:/o:siemens:siprotec_5_7um85_firmware,cpe:/o:siemens:siprotec_5_7ut82_firmware,cpe:/o:siemens:siprotec_5_7ut85_firmware,cpe:/o:siemens:siprotec_5_7ut86_firmware,cpe:/o:siemens:siprotec_5_7ut87_firmware,cpe:/o:siemens:siprotec_5_7ve85_firmware,cpe:/o:siemens:siprotec_5_7vk87_firmware,cpe:/o:siemens:siprotec_5_7vu85_firmware,cpe:/o:siemens:siprotec_5_compact_7sx800_firmware

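Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 4/11/2023

Vulnerability Publication Date: 4/11/2023

Reference Information

CVE: CVE-2023-28766

CWE: 476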
