nessus — This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof. — TENABLE_OT_SIEMENS_CVE-2021-20094.NASL
History: Feb 28, 2023 - 12:00 a.m.

Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20094)

2023-02-28 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
siemens
buffer over-read
wibu-systems
codemeter
runtime
denial of service
vulnerability
unauthenticated remote attacker
crash
tenable.ot

EPSS

0.093

Percentile

94.7%

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin metadata. When the scanner loads the plugin with `description` set,
# this block registers the attributes below and leaves through the exit(0) at
# the end of the block, so the detection code after it does not run in that mode.
if (description)
{
  script_id(500842);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/19");

  # Only CVE-2021-20094 is tracked by this plugin.
  script_cve_id("CVE-2021-20094");

  script_name(english:"Siemens Buffer Over-Read in Wibu-Systems CodeMeter Runtime (CVE-2021-20094)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description states the affected range as CodeMeter versions < 7.21a and
  # the impact as a crash of the CodeMeter Runtime Server (denial of service).
  script_set_attribute(attribute:"description", value:
"A denial of service vulnerability exists in Wibu-Systems CodeMeter
versions < 7.21a. An unauthenticated remote attacker can exploit this
issue to crash the CodeMeter Runtime Server.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References. The first see_also is a shortened link served over plain http;
  # the URL on the next line is presumably its destination (vendor advisory
  # WIBU-210423-02) - confirm before relying on it.
  # https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-210423-02.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f840f04c");
  script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2021-24");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-210-02");
  # NOTE(review): the solution text is quoted from the CISA advisory and covers
  # two CVEs. The CVE-2021-20093 items concern the CmLAN port; the items that
  # apply to this plugin's CVE-2021-20094 are the CmWAN ones (disable CmWAN if
  # unused, otherwise front it with an authenticating reverse proxy and restrict
  # the CmWAN port to that proxy with a host-based firewall). Updating to 7.21a
  # or later is listed as the fix for both.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Wibu-Systems recommends the following mitigations:

- Update to Version 7.21a or later.

CVE-2021-20093:

- Run CodeMeter as client only and use localhost as binding for the CodeMeter communication. With binding to localhost
an attack is no longer possible via remote network connection. The network server is disabled by default.
- If it is not possible to disable the network server, using a host-based firewall to restrict access to the CmLAN port
can reduce the risk.

CVE-2021-20094:

- The CmWAN server is disabled by default. Check if CmWAN is enabled and disable the feature if it is not needed.
- Run the CmWAN server only behind a reverse proxy with user authentication to prevent attacks from unauthenticated
users.
- The risk of an unauthenticated attacker can be further reduced by using a host-based firewall that only allows the
reverse proxy to access the CmWAN port.

For more information on this issue, please see Wibu security advisories: WIBU-210423-01, WIBU-210423-02

For more information on products dependent on the affected CodeMeter see the following vendor security advisories. As
new instances are discovered/reported, they will be added to this list:

- Siemens: SSA-675303");
  # Both base vectors describe a network-reachable, unauthenticated issue with
  # availability impact only (C:N/I:N): partial in CVSS v2, high in CVSS v3.
  # The temporal vectors record proof-of-concept exploit maturity and an
  # official fix.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20094");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # CWE-125: Out-of-bounds Read, matching the "buffer over-read" in the title.
  script_cwe_id(125);

  # Vulnerability and patch share a publication date; the plugin itself was
  # published on 2023/02/28.
  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # The CPE names SICAM 230 firmware with '-' in the version field, i.e. no
  # firmware version is specified here.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:sicam_230_firmware:-");
  script_end_attributes();

  # Declared as an information-gathering plugin.
  # NOTE(review): together with the tenable_ot_api_integration.nasl dependency
  # below, this suggests the result is derived from Tenable.ot asset data rather
  # than from probing the OT device - confirm against the helper library.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Requires the Tenable.ot integration plugin to have run and to have set the
  # 'Tenable.ot/Siemens' KB key; without that key the plugin is not applicable.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the Tenable.ot integration recorded a Siemens asset in the KB.
get_kb_item_or_exit('Tenable.ot/Siemens');

# Asset record for the Siemens device, as returned by the Tenable.ot helper library.
var siemens_asset = tenable_ot::assets::get(vendor:'Siemens');

# CPEs this plugin treats as affected, each mapped to its product family.
# NOTE(review): the only entry has '-' in the version field and no CodeMeter
# version bound or CmWAN state appears in this table. Unless the helper checks
# those itself, a report means "this asset is a SICAM 230", not "a vulnerable
# CodeMeter Runtime was observed". Before treating a hit as confirmed, verify
# the installed CodeMeter version (fixed in 7.21a) and whether CmWAN is enabled.
var affected_cpes = {
    "cpe:/o:siemens:sicam_230_firmware:-" : {"family" : "Sicam"}
};

# Presumably matches the asset against the CPE table and, on a match, files a
# finding at the given severity - behaviour lives in tenable_ot_cve_funcs.inc.
tenable_ot::cve::compare_and_report(
  asset:siemens_asset,
  cpes:affected_cpes,
  severity:SECURITY_WARNING
);

EPSS

0.093

Percentile

94.7%
