nessus: TENABLE_OT_SIEMENS_CVE-2016-2031.NASL
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Apr 11, 2023 - 12:00 a.m.

Siemens SCALANCE W 1750D Improper Input Validation (CVE-2016-2031)

www.tenable.com
Tags: siemens, scalance w 1750d, vulnerability, input validation, malicious user, security restrictions, sensitive information, unauthorized actions, arbitrary code, firmware, workarounds, mitigations

EPSS: 0.01 Low (percentile: 83.4%)

Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501001);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");

  script_cve_id("CVE-2016-2031");

  script_name(english:"Siemens SCALANCE W 1750D Improper Input Validation (CVE-2016-2031)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and
4.2.3.1 due to insufficient validation of user-supplied input and
insufficient checking of parameters, which could allow a malicious
user to bypass security restrictions, obtain sensitive information,
perform unauthorized actions and execute arbitrary code.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2016/May/19");
  # http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d8f56e63");
  script_set_attribute(attribute:"see_also", value:"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/bid/90207");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-315-05");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Update to the latest firmware version and find further instructions in the document Control Plane Security Best
Practices. Depending on network configuration and risk tolerance, no action may be required.

Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the
devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational
guidelines for industrial security and following the recommendations in the product manuals. Additional information on
industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information refer to Siemens Advisory SSA-431802");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2031");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_w1750d_firmware" :
        {"family" : "SCALANCEW"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_w1750d_firmware | | cpe:/o:siemens:scalance_w1750d_firmware |
