nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2020-26147.NASL
HistoryApr 11, 2023 - 12:00 a.m.

Siemens SCALANCE FragAttacks (CVE-2020-26147)

2023-04-11 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
siemens scalance
fragattacks
cve-2020-26147
linux kernel
plaintext injection
ot asset
tenable.ot

0.001 Low

EPSS

Percentile

46.0%

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin metadata. This branch only registers attributes and then calls
# exit(0), so the detection code after the closing brace does not run from here.
if (description)
{
  script_id(500985);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");

  script_cve_id("CVE-2020-26147");

  script_name(english:"Siemens SCALANCE FragAttacks (CVE-2020-26147)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2,
and WPA3 implementations reassemble fragments even though some of them
were sent in plaintext. This vulnerability can be abused to inject
packets and/or exfiltrate selected fragments when another device sends
fragmented frames and the WEP, CCMP, or GCMP data-confidentiality
protocol is used.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References: the FragAttacks project pages, mailing-list announcements and
  # vendor advisories. The Siemens advisory (ssa-913875) is the one the
  # "solution" text below points the reader to.
  script_set_attribute(attribute:"see_also", value:"https://www.fragattacks.com");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md");
  script_set_attribute(attribute:"see_also", value:"http://www.openwall.com/lists/oss-security/2021/05/11/12");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1eb2468b");
  # https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?839210e5");
  # The solution text names no fixed version; the only version bounds in this
  # plugin are the ones in vuln_models in the detection code.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Both base vectors use AV:A (adjacent network) and AC:H (high complexity)
  # with no authentication/privileges required. The v3 vector additionally
  # requires user interaction (UI:R) and rates integrity impact high (I:H)
  # with low confidentiality impact (C:L); availability is not affected.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26147");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One CPE per affected SCALANCE W firmware/hardware variant (the trailing
  # field carries the variant: m12, rj45, sfp, eec). Every entry has "-" in
  # the version field, so no version range is encoded here.
  # NOTE(review): each variant listed here should have a matching key in
  # vuln_models in the detection code; a variant declared here but absent
  # there would never be reported. Keep the two lists in sync.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1748-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1788-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1788-2_firmware:-::~~~~eec_m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1788-2_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1788-2ia_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w721-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w722-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w734-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w738-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w748-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w748-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w761-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w774-1_firmware:-::~~~~m12_eec~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w774-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w778-1_firmware:-::~~~~m12_eec~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w778-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w786-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w786-2_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w786-2_firmware:-::~~~~sfp~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w786-2ia_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w788-1_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w788-1_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w788-2_firmware:-::~~~~m12_eec~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w788-2_firmware:-::~~~~m12~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w788-2_firmware:-::~~~~rj45~");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered as an information-gathering check in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Declares tenable_ot_api_integration.nasl as a dependency and requires the
  # 'Tenable.ot/Siemens' KB key; presumably that integration plugin is what
  # sets the key -- verify. Without Tenable.ot asset data the check has
  # nothing to evaluate.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  # End of metadata registration.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

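# Detection logic: looks up the Siemens asset supplied by Tenable.ot and
# compares its model and firmware version against the affected-model table.

# Stop here unless the 'Tenable.ot/Siemens' KB key is present.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Asset record for the Siemens device being evaluated.
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected models, keyed by model name.
#  - "versionEndExcluding" is the upper version bound for the models that have
#    one (presumably exclusive, i.e. the first fixed firmware -- confirm in
#    tenable_ot_cve_funcs.inc).
#  - Entries with only "family" carry no version bound, so presumably every
#    firmware version of that model is reported. Re-check these against the
#    vendor advisory when it is updated, otherwise patched devices keep being
#    flagged.
var vuln_models = {
  "SCALANCE W1748-1 M12" :
      {"versionEndExcluding" : "3.0.0", "family" : "SCALANCEW"},
  "SCALANCE W1750D" :
      {"versionEndExcluding" : "8.7.1.3", "family" : "SCALANCEW"},
  "SCALANCE W1788-1 M12" :
      {"versionEndExcluding" : "3.0.0", "family" : "SCALANCEW"},
  "SCALANCE W1788-2 EEC M12" :
      {"versionEndExcluding" : "3.0.0", "family" : "SCALANCEW"},
  "SCALANCE W1788-2 M12" :
      {"versionEndExcluding" : "3.0.0", "family" : "SCALANCEW"},
  "SCALANCE W1788-2IA M12" :
      {"versionEndExcluding" : "3.0.0", "family" : "SCALANCEW"},
  "SCALANCE W721-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W722-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W734-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W738-1 M12" :
      {"family" : "SCALANCEW"},
  "SCALANCE W748-1 M12" :
      {"family" : "SCALANCEW"},
  # Added: the description block declares a CPE for the W748-1 RJ45 variant
  # (scalance_w748-1_firmware ... rj45), but this table had no matching key,
  # so that variant could never be reported. The key follows the naming of
  # the sibling entries and mirrors the unbounded W748-1 M12 entry.
  # NOTE(review): confirm the model string and version range against the
  # vendor advisory.
  "SCALANCE W748-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W761-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W774-1 M12 EEC" :
      {"family" : "SCALANCEW"},
  "SCALANCE W774-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W778-1 M12" :
      {"family" : "SCALANCEW"},
  "SCALANCE W778-1 M12 EEC" :
      {"family" : "SCALANCEW"},
  "SCALANCE W786-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W786-2 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W786-2 SFP" :
      {"family" : "SCALANCEW"},
  "SCALANCE W786-2IA RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W788-1 M12" :
      {"family" : "SCALANCEW"},
  "SCALANCE W788-1 RJ45" :
      {"family" : "SCALANCEW"},
  "SCALANCE W788-2 M12" :
      {"family" : "SCALANCEW"},
  "SCALANCE W788-2 M12 EEC" :
      {"family" : "SCALANCEW"},
  "SCALANCE W788-2 RJ45" :
      {"family" : "SCALANCEW"}
};

# The finding is derived from the model/version data Tenable.ot holds for the
# asset, compared against the table above. It is raised at SECURITY_NOTE
# severity.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_models, severity:SECURITY_NOTE);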
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | scalance_w1748-1_firmware | - | `cpe:/o:siemens:scalance_w1748-1_firmware:-::~~~~m12~` |
| siemens | scalance_w1750d_firmware | - | `cpe:/o:siemens:scalance_w1750d_firmware:-` |
| siemens | scalance_w1788-1_firmware | - | `cpe:/o:siemens:scalance_w1788-1_firmware:-::~~~~m12~` |
| siemens | scalance_w1788-2_firmware | - | `cpe:/o:siemens:scalance_w1788-2_firmware:-::~~~~eec_m12~` |
| siemens | scalance_w1788-2_firmware | - | `cpe:/o:siemens:scalance_w1788-2_firmware:-::~~~~m12~` |
| siemens | scalance_w1788-2ia_firmware | - | `cpe:/o:siemens:scalance_w1788-2ia_firmware:-::~~~~m12~` |
| siemens | scalance_w721-1_firmware | - | `cpe:/o:siemens:scalance_w721-1_firmware:-::~~~~rj45~` |
| siemens | scalance_w722-1_firmware | - | `cpe:/o:siemens:scalance_w722-1_firmware:-::~~~~rj45~` |
| siemens | scalance_w734-1_firmware | - | `cpe:/o:siemens:scalance_w734-1_firmware:-::~~~~rj45~` |
| siemens | scalance_w738-1_firmware | - | `cpe:/o:siemens:scalance_w738-1_firmware:-::~~~~m12~` |