Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-20093.NASL
HistoryNov 07, 2022 - 12:00 a.m.

Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20093)

2022-11-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.097 Low

EPSS

Percentile

94.8%

JSON

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500706);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");

  script_cve_id("CVE-2021-20093");

  script_name(english:"Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20093)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A buffer over-read vulnerability exists in Wibu-Systems CodeMeter
versions < 7.21a. An unauthenticated remote attacker can exploit this
issue to disclose heap memory contents or crash the CodeMeter Runtime
Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-01.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70853191");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2021-24");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Wibu-Systems recommends the following mitigations:

- Update to Version 7.21a or later.

CVE-2021-20093:

- Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost
an attack is no longer possible via remote network connection. The network server is disabled by default.
- If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port
can reduce the risk.

CVE-2021-20094:

- The CmWAN server is disabled by default. Check if CmWAN is enabled and disable the feature if it is not needed.
- Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated
users.
- The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the
reverse proxy to access the CmWAN port.

For more information on this issue, please see Wibu security advisories: WIBU-210423-01, WIBU-210423-02

For more information on products dependent on the affected CodeMeter see the following vendor security advisories. As
new instances are discovered/reported, they will be added to this list:

- Siemens: SSA-675303");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20093");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(125);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:sicam_230_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:sicam_230_firmware" :
        {"family" : "Sicam"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemenssicam_230_firmwarecpe:/o:siemens:sicam_230_firmware

Related

ics 2
nessus 2
cvelist 2
prion 2
cve 2
osv 1
nvd 2
ics
ics
Wibu-Systems CodeMeter Runtime
2021-07-29 12:00:00
Siemens Desigo CC product family
2023-11-16 12:00:00
nessus
nessus
Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20094)
2023-02-28 00:00:00
CodeMeter Runtime Buffer Over-read (WIBU-210423-01)
2021-06-23 00:00:00
cvelist
cvelist
CVE-2021-20094
2021-06-16 11:09:07
CVE-2021-20093
2021-06-16 11:09:02
prion
prion
Denial of service
2021-06-16 12:15:00
Buffer overflow
2021-06-16 12:15:00
cve
cve
CVE-2021-20094
2021-06-16 12:15:12
CVE-2021-20093
2021-06-16 12:15:12
osv
osv
CVE-2021-20093
2021-06-16 12:15:12
nvd
nvd
CVE-2021-20093
2021-06-16 12:15:12
CVE-2021-20094
2021-06-16 12:15:12

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.097 Low

EPSS

Percentile

94.8%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2021-20093.NASL
ics2nessus2cvelist2prion2cve2osv1nvd2