Siemens SIMATIC S7-1500 Open Redirect (CVE-2014-2248)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500265);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");

  script_cve_id("CVE-2014-2248");

  script_name(english:"Siemens SIMATIC S7-1500 Open Redirect (CVE-2014-2248)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before
1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified
vectors.  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more
information.");
  script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01");
  # http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a691e748");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/66190");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2248");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1" :
        {"versionEndIncluding" : "1.1.1", "versionStartIncluding" : "1.1.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0" :
        {"versionEndIncluding" : "1.1.0", "versionStartIncluding" : "1.1.0", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1" :
        {"versionEndIncluding" : "1.0.1", "versionStartIncluding" : "1.0.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware" :
        {"versionEndIncluding" : "1.1.2", "family" : "S71500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);