nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2018-7064.NASL
History Apr 11, 2023 - 12:00 a.m.

Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2018-7064)

www.tenable.com
siemens scalance
w1750d
web interface
xss
vulnerability
aruba instant
administrative actions
session cookie
workaround
resolution
tenable.ot
scanner
tenable ot.

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.5%)

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session.

Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface.

Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501033);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");

  script_cve_id("CVE-2018-7064");

  script_name(english:"Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2018-7064)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A reflected cross-site scripting (XSS) vulnerability is present in an
unauthenticated Aruba Instant web interface. An attacker could use
this vulnerability to trick an IAP administrator into clicking a link
which could then take administrative actions on the Instant cluster,
or expose the session cookie for an administrative session.
Workaround: Administrators should make sure they log out of the Aruba
Instant UI when not actively managing the system, and should use
caution clicking links from external sources while logged into the IAP
administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12,
6.5.4.11, 8.3.0.6, and 8.4.0.0

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108374");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-134-07");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends users upgrade to Version 8.4.0.1 or later, which can be downloaded from the following link:

https://support.industry.siemens.com/cs/us/en/view/109766816/

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:

- Restrict access to the web-based management interface to the internal or VPN network.
- Do not browse other websites and do not click on external links while being authenticated to the administrative web
interface.
- Apply appropriate strategies for mitigation.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens' operational guidelines for industrial security, and following the recommendations in
the product manuals.

Additional information on Industrial Security by Siemens can be found at:

https://www.siemens.com/industrialsecurity

For more information on these vulnerabilities and associated software updates, please see Siemens security advisory
SSA-549547 on their website:

https://www.siemens.com/cert/advisories");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7064");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_w1750d_firmware" :
        {"versionEndExcluding" : "8.4.0.1", "family" : "SCALANCEW"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_w1750d_firmware | | cpe:/o:siemens:scalance_w1750d_firmware |
