Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2018-11449.NASLHistoryApr 11, 2023 - 12:00 a.m.
Siemens SCALANCE M875 Insufficiently Protected Credentials (CVE-2018-11449)
2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
siemens scalance m875
vulnerability
admin passwords
local file system
exploitation
tenable.ot
0.0004 Low
EPSS
Percentile
12.8%
A vulnerability has been identified in SCALANCE M875 (All versions).
An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500999);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");
script_cve_id("CVE-2018-11449");
script_name(english:"Siemens SCALANCE M875 Insufficiently Protected Credentials (CVE-2018-11449)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE M875 (All versions).
An attacker with access to the local file system might obtain
passwords for administrative users. Successful exploitation requires
read access to files on the local file system. A successful attack
could allow an attacker to obtain administrative passwords. At the
time of advisory publication no public exploitation of this security
vulnerability was known.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11449");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/26");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m875_firmware:-");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_m875_firmware:-" :
{"family" : "SCALANCEM"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_m875_firmware | - | cpe:/o:siemens:scalance_m875_firmware:- |
Related
prion
prion
Code injection
2018-06-26 18:29:00
cvelist
cvelist
CVE-2018-11449
2018-06-15 00:00:00
cve
cve
CVE-2018-11449
2018-06-26 18:29:00
nvd
nvd
CVE-2018-11449
2018-06-26 18:29:00