The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory.
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka Content-Type confusion between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.
(CVE-2023-38199)
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*) http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. (CVE-2023-25690)
The use of Module._load()
can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(191429);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/01");
script_cve_id(
"CVE-2022-4203",
"CVE-2022-4304",
"CVE-2022-4450",
"CVE-2023-0215",
"CVE-2023-0216",
"CVE-2023-0217",
"CVE-2023-0286",
"CVE-2023-0401",
"CVE-2023-1255",
"CVE-2023-2454",
"CVE-2023-2455",
"CVE-2023-2650",
"CVE-2023-2975",
"CVE-2023-3446",
"CVE-2023-3817",
"CVE-2023-25690",
"CVE-2023-27522",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-28709",
"CVE-2023-30581",
"CVE-2023-30582",
"CVE-2023-30583",
"CVE-2023-30584",
"CVE-2023-30585",
"CVE-2023-30586",
"CVE-2023-30587",
"CVE-2023-30588",
"CVE-2023-30589",
"CVE-2023-30590",
"CVE-2023-31124",
"CVE-2023-31130",
"CVE-2023-31147",
"CVE-2023-32002",
"CVE-2023-32003",
"CVE-2023-32004",
"CVE-2023-32005",
"CVE-2023-32006",
"CVE-2023-32067",
"CVE-2023-32558",
"CVE-2023-32559",
"CVE-2023-34035",
"CVE-2023-35945",
"CVE-2023-38039",
"CVE-2023-38199",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-39417",
"CVE-2023-39418",
"CVE-2023-41080",
"CVE-2023-46120",
"CVE-2024-23810",
"CVE-2024-23811",
"CVE-2024-23812"
);
script_xref(name:"ICSA", value:"24-046-15");
script_xref(name:"CEA-ID", value:"CEA-2023-0052");
script_name(english:"Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by
multiple vulnerabilities as referenced in the SSA-943925 advisory.
- coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type
request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload,
aka Content-Type confusion between the WAF and the backend application. This occurs when the web
application relies on only the last Content-Type header. Other platforms may reject the additional
Content-Type header or merge conflicting headers, leading to detection as a malformed header.
(CVE-2023-38199)
- Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request
Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of
RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied
request-target (URL) data and is then re-inserted into the proxied request-target using variable
substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)
http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request
splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended
URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version
2.4.56 of Apache HTTP Server. (CVE-2023-25690)
- The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json
definition for a given module. This vulnerability affects all users using the experimental policy
mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was
issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15");
# https://cert-portal.siemens.com/productcert/html/ssa-943925.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6bd043b");
script_set_attribute(attribute:"solution", value:
"Upgrade to Siemens SINEC NMS Server version 2 Service Pack 1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38545");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:siemens:sinec_nms");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("siemens_sinec_nms_win_installed.nbin");
script_require_keys("installed_sw/SINEC NMS");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'SINEC NMS');
var constraints = [{'fixed_version': '2.0.1.0', 'fixed_display': 'V2.0 SP1'}];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28709
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23812
www.nessus.org/u?f6bd043b
www.cisa.gov/news-events/ics-advisories/icsa-24-046-15