Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2018-7082.NASLHistoryApr 11, 2023 - 12:00 a.m.
Siemens SCALANCE W1750D Command Injection (CVE-2018-7082)
2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
siemens scalance w1750d
command injection
aruba instant
cve-2018-7082
aruba instant 4.2.4.12
aruba instant 6.5.4.11
aruba instant 8.3.0.6
aruba instant 8.4.0.0
tenable.ot
0.003 Low
EPSS
Percentile
66.2%
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501041);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");
script_cve_id("CVE-2018-7082");
script_name(english:"Siemens SCALANCE W1750D Command Injection (CVE-2018-7082)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A command injection vulnerability is present in Aruba Instant that
permits an authenticated administrative user to execute arbitrary
commands on the underlying operating system. A malicious administrator
could use this ability to install backdoors or change system
configuration in a way that would not be logged. Workaround: None.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and
8.4.0.0
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-19-134-07");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108374");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends users upgrade to Version 8.4.0.1 or later, which can be downloaded from the following link:
https://support.industry.siemens.com/cs/us/en/view/109766816/
Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:
- Restrict access to the web-based management interface to the internal or VPN network.
- Do not browse other websites and do not click on external links while being authenticated to the administrative web
interface.
- Apply appropriate strategies for mitigation.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to SiemensΓ’ΒΒ operational guidelines for industrial security, and following the recommendations in
the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
For more information on these vulnerabilities and associated software updates, please see Siemens security advisory
SSA-549547 on their website:
https://www.siemens.com/cert/advisories");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7082");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(78);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_w1750d_firmware" :
{"versionEndExcluding" : "8.4.0.1", "family" : "SCALANCEW"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_w1750d_firmware | cpe:/o:siemens:scalance_w1750d_firmware |
Related
nvd
nvd
CVE-2018-7082
2019-05-10 17:29:01
prion
prion
Command injection
2019-05-10 17:29:00
cve
cve
CVE-2018-7082
2019-05-10 17:29:01
cvelist
cvelist
CVE-2018-7082
2019-05-10 16:49:16
ics
ics
Siemens SCALANCE W1750D
2019-05-14 12:00:00