Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2013-5944.NASL
HistoryAug 03, 2023 - 12:00 a.m.

Siemens Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family (CVE-2013-5944)

2023-08-0300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
siemens
scalancex200
scalancex200irt
unauthenticated access
critical services
firmware vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501590);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");

  script_cve_id("CVE-2013-5944");

  script_name(english:"Siemens Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family (CVE-2013-5944)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The integrated web server on Siemens SCALANCE X-200 switches with
firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0
does not properly enforce authentication requirements, which allows
remote attackers to perform administrative actions via requests to the
management interface.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-176087.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e60cbc7d");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5944");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-200_series_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x-200irt_series_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x-200_series_firmware:4.3" :
        {"versionEndExcluding" : "4.5.0", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:scalance_x-200irt_series_firmware:4.3" :
        {"versionEndExcluding" : "5.1.0", "family" : "SCALANCEX200IRT"},
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemensscalance_x-200_series_firmware-cpe:/o:siemens:scalance_x-200_series_firmware:-
siemensscalance_x-200irt_series_firmware-cpe:/o:siemens:scalance_x-200irt_series_firmware:-

Related

cve 1
ics 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2013-5944
2013-10-03 11:04:43
ics
ics
Siemens SCALANCE X-200 Authentication Bypass Vulnerability
2013-10-03 12:00:00
nvd
nvd
CVE-2013-5944
2013-10-03 11:04:43
prion
prion
Design/Logic Flaw
2013-10-03 11:04:00
cvelist
cvelist
CVE-2013-5944
2013-10-03 10:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2013-5944.NASL
cve1ics1nvd1prion1cvelist1