Lucene search
K

Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-6564)

🗓️ 13 Mar 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 12 Views

Siemens SCALANCE X-200RNA Switches vulnerable to Use After Free, allowing privilege escalation.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Open Source openssh affect IBM Security Identity Governance Appliance (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564 )
16 Jun 201821:46
ibm
IBM Security Bulletins
IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index
31 Jan 202100:10
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)
29 Mar 202301:48
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)
18 Jun 201801:34
ibm
IBM Security Bulletins
Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)
19 Jul 202000:49
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
16 Jun 201821:45
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in ntp, libxml2, openssh, sqlite and python-base affect IBM BladeCenter Advanced Management Module (AMM)
14 Apr 202314:32
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
18 Feb 202301:45
ibm
IBM Security Bulletins
Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
16 Jun 201821:47
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840
18 Jun 201800:32
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(503131);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/13");

  script_cve_id("CVE-2015-6564");
  script_xref(name:"ICSA", value:"22-349-21");

  script_name(english:"Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-6564)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Use-after-free vulnerability in the mm_answer_pam_free_ctx function in
monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might
allow local users to gain privileges by leveraging control of the sshd
uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109814809/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-21");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6564");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(416);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_%28hsr%29_firmware:3.2.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_%28prp%29_firmware:3.2.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_eec_%28hsr%29_firmware:3.2.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_eec_%28prp%29_firmware:3.2.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204rna_eec_%28prp%2fhsr%29_firmware:3.2.7");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_x204rna_%28hsr%29_firmware:3.2.7" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200", "orderNumbers" : ['6GK5204-0BA00-2MB2']},
    "cpe:/o:siemens:scalance_x204rna_%28prp%29_firmware:3.2.7" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200", "orderNumbers" : ['6GK5204-0BA00-2KB2']},
    "cpe:/o:siemens:scalance_x204rna_eec_%28hsr%29_firmware:3.2.7" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200", "orderNumbers" : ['6GK5204-0BS00-2NA3']},
    "cpe:/o:siemens:scalance_x204rna_eec_%28prp%29_firmware:3.2.7" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200", "orderNumbers" : ['6GK5204-0BS00-3LA3']},
    "cpe:/o:siemens:scalance_x204rna_eec_%28prp%2fhsr%29_firmware:3.2.7" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200", "orderNumbers" : ['6GK5204-0BS00-3PA3']}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Mar 2025 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 26.9
CVSS 3.17
EPSS0.00599
SSVC
12