Siemens SIMATIC S7-1500 Insufficient Entropy (CVE-2014-2251)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500041);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/26");

  script_cve_id("CVE-2014-2251");

  script_name(english:"Siemens SIMATIC S7-1500 Insufficient Entropy (CVE-2014-2251)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have
sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack
sessions via unspecified vectors.  

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  # http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a691e748");
  script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2251");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware" :
        {"versionEndIncluding" : "1.1.2", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1" :
        {"versionEndIncluding" : "1.1.1", "versionStartIncluding" : "1.1.1", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0" :
        {"versionEndIncluding" : "1.1.0", "versionStartIncluding" : "1.1.0", "family" : "S71500"},
    "cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1" :
        {"versionEndIncluding" : "1.0.1", "versionStartIncluding" : "1.0.1", "family" : "S71500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);