Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501001);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");

  script_cve_id("CVE-2016-2031");

  script_name(english:"Siemens SCALANCE W 1750D Improper Input Validation (CVE-2016-2031)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and
4.2.3.1 due to insufficient validation of user-supplied input and
insufficient checking of parameters, which could allow a malicious
user to bypass security restrictions, obtain sensitive information,
perform unauthorized actions and execute arbitrary code.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2016/May/19");
  # http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d8f56e63");
  script_set_attribute(attribute:"see_also", value:"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/90207");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-315-05");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Update to the latest firmware version and find further instructions in the document Control Plane Security Best
Practices. Depending on network configuration and risk tolerance, no action may be required.
Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the
devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational
guidelines for industrial security and following the recommendations in the product manuals. Additional information on
industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity
For more information refer to Siemens Advisory SSA-431802");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2031");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

# Exit unless the Tenable.ot integration recorded a Siemens asset.
get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware CPE, mapped to its product family.
var vuln_cpes = {
  "cpe:/o:siemens:scalance_w1750d_firmware" :
    {"family" : "SCALANCEW"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
```

Vendor | Product | Version | CPE |
---|---|---|---|
siemens | scalance_w1750d_firmware | | cpe:/o:siemens:scalance_w1750d_firmware |

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2031
seclists.org/fulldisclosure/2016/May/19
www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
www.nessus.org/u?d8f56e63
cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf
www.cisa.gov/news-events/ics-advisories/icsa-20-315-05
www.securityfocus.com/bid/90207