nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
TENABLE_OT_SIEMENS_CVE-2021-25161.NASL
History: Apr 11, 2023 - 12:00 a.m.

Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2021-25161)

2023-04-11 00:00:00
www.tenable.com

AI Score: 6.7 Medium (Confidence: High)

A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501060);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");

  script_cve_id("CVE-2021-25161");

  script_name(english:"Siemens SCALANCE W1750D Improper Neutralization of Input During Web Page Generation (CVE-2021-25161)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A remote cross-site scripting (xss) vulnerability was discovered in
some Aruba Instant Access Point (IAP) products in version(s): Aruba
Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x:
6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba
Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and
below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released
patches for Aruba Instant that address this security vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-14");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf");
  # http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?574bd0ab");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends upgrading SCALANCE W1750D to v8.7.1.3 or later

Siemens has identified the following specific workarounds and mitigations for users to apply to reduce the risk:

- Block access to the Aruba Instant device IP address on Port 8211/UDP from all untrusted users.
- Block access to the Aruba Instant Command Line Interface from all untrusted users.
- Block access to the Aruba Instant Web Management Interface from all untrusted users.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to Siemens' operational guidelines for industrial security and following the recommendations in
the product manuals.

For additional information see Siemens Security Advisory SSA-723417");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25161");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_w1750d_firmware" :
        {"versionEndExcluding" : "8.7.1.3", "family" : "SCALANCEW"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
