Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-25705 |
CWE-ID | CWE-330 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software |
SIMATIC NET CP 1545-1: Hardware solutions / Firmware
SIMATIC NET CP 1543SP-1: Hardware solutions / Firmware
SIMATIC NET CP 1543-1: Hardware solutions / Firmware
SIMATIC NET CP 1542SP-1 IRC: Hardware solutions / Firmware
SIMATIC NET CP 1243-8 IRC: Hardware solutions / Firmware
SIMATIC NET CP 1243-7: Hardware solutions / Firmware
SIMATIC NET CP 1243-7 LTE US: Hardware solutions / Firmware
SIMATIC NET CP 1243-7 LTE EU: Hardware solutions / Firmware
SCALANCE W1750D: Hardware solutions / Firmware
SCALANCE M-800 / S615: Hardware solutions / Firmware
SIMATIC NET CP 1243-1: Hardware solutions / Firmware
TIM 1531 IRC: Hardware solutions / Firmware
RUGGEDCOM RM1224: Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE SC-600: Hardware solutions / Routers & switches, VoIP, GSM, etc
SIMATIC Cloud Connect 7: Client/Desktop applications / Other client software
SIMATIC MV500: Hardware solutions / Security hardware appliances
SINEMA Remote Connect Server: Server applications / SCADA systems
Vendor | Siemens |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU49150
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-25705
CWE-ID: CWE-330 - Use of Insufficiently Random Values
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
A flaw was found in the way ICMP reply packets are rate-limited in the Linux kernel; it makes it possible to quickly scan for open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
SIMATIC NET CP 1545-1: All versions
SIMATIC NET CP 1543SP-1: - - 2.0
SIMATIC NET CP 1543-1: - - 2.2
SIMATIC NET CP 1542SP-1 IRC: - - 2.0
SIMATIC NET CP 1243-8 IRC: - - 3.1.39
SIMATIC NET CP 1243-7: - - 3.1.39
SIMATIC NET CP 1243-7 LTE US: - - 3.1.39
SIMATIC NET CP 1243-7 LTE EU: - - 3.1.39
SCALANCE W1750D: 8.3.0.1 - 8.7.0
SCALANCE M-800 / S615: - - 6.4
RUGGEDCOM RM1224: - - 6.4
SIMATIC NET CP 1243-1: - - 3.1.39
SIMATIC Cloud Connect 7: All versions
SIMATIC MV500: All versions
TIM 1531 IRC: All versions
SINEMA Remote Connect Server: before 3.0 SP1
SCALANCE SC-600: before 2.1.3
https://ics-cert.us-cert.gov/advisories/icsa-21-131-03
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.