A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
```
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500902);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2021-25676");

  script_name(english:"Siemens SCALANCE and RUGGEDCOM Devices SSH Improper Restriction of Excessive Authentication Attempts (CVE-2021-25676)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3),
SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All
Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication
attempts could trigger a temporary Denial-of-Service under certain
conditions. When triggered, the device will reboot automatically.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf");
  script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends applying updates where applicable:
- SCALANCE SC-600: Update to v2.1.3 or later
- RUGGEDCOM RM1224: Update to v6.4 or later
- SCALANCE M-800/S615: Update to v6.4 or later
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Configure the built-in firewall to only allow SSH incoming connections from trusted IP addresses.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in
the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-296266");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25676");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(307);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/27");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_firmware:6.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m-800_series_firmware:6.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_firmware:6.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_sc-600_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
  "cpe:/o:siemens:ruggedcom_rm1224_firmware:6.3" :
    {"versionEndIncluding" : "6.3", "versionStartIncluding" : "6.3", "family" : "RuggedCom"},
  "cpe:/o:siemens:scalance_m-800_series_firmware:6.3" :
    {"versionEndIncluding" : "6.3", "versionStartIncluding" : "6.3", "family" : "SCALANCEM"},
  "cpe:/o:siemens:scalance_s615_firmware:6.3" :
    {"versionEndIncluding" : "6.3", "versionStartIncluding" : "6.3", "family" : "SCALANCES"},
  "cpe:/o:siemens:scalance_sc-600_series_firmware" :
    {"versionEndExcluding" : "2.1.3", "versionStartIncluding" : "2.1", "family" : "SCALANCES"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
```

Vendor | Product | Version | CPE |
---|---|---|---|
siemens | ruggedcom_rm1224_firmware | 6.3 | cpe:/o:siemens:ruggedcom_rm1224_firmware:6.3 |
siemens | scalance_m-800_series_firmware | 6.3 | cpe:/o:siemens:scalance_m-800_series_firmware:6.3 |
siemens | scalance_s615_firmware | 6.3 | cpe:/o:siemens:scalance_s615_firmware:6.3 |
siemens | scalance_sc-600_series_firmware | | cpe:/o:siemens:scalance_sc-600_series_firmware |
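
The plugin's `vuln_cpes` map expresses each affected range with `versionStartIncluding`, `versionEndIncluding` and `versionEndExcluding` bounds. The following is an added example, not Tenable's code and not a reimplementation of `compare_and_report`: it assumes those keys carry their usual CPE-match meaning and applies them to a constructed inventory to show which firmware versions fall inside each range. The names `is_affected`, `triage`, `INVENTORY` and the asset entries are hypothetical, and `is_affected` expects the asset's firmware CPE without a version component.

```python
import re
from itertools import zip_longest

# Ranges copied from the plugin's vuln_cpes map; the matching logic is an assumption.
V63_ONLY = {"versionStartIncluding": "6.3", "versionEndIncluding": "6.3"}
VULN_CPES = {
    "cpe:/o:siemens:ruggedcom_rm1224_firmware:6.3": V63_ONLY,
    "cpe:/o:siemens:scalance_m-800_series_firmware:6.3": V63_ONLY,
    "cpe:/o:siemens:scalance_s615_firmware:6.3": V63_ONLY,
    "cpe:/o:siemens:scalance_sc-600_series_firmware":
        {"versionStartIncluding": "2.1", "versionEndExcluding": "2.1.3"},
}
# Constructed inventory: asset names and versions are made up for illustration.
INVENTORY = [
    ("cell-router-1", "cpe:/o:siemens:scalance_m-800_series_firmware", "V6.3"),
    ("cell-router-2", "cpe:/o:siemens:scalance_m-800_series_firmware", "V6.4"),
    ("dmz-fw-1", "cpe:/o:siemens:scalance_sc-600_series_firmware", "2.1.2"),
    ("dmz-fw-2", "cpe:/o:siemens:scalance_sc-600_series_firmware", "2.1.3"),
]
BOUNDS = {  # bound key -> predicate on compare(version, bound)
    "versionStartIncluding": lambda c: c >= 0,
    "versionStartExcluding": lambda c: c > 0,
    "versionEndIncluding": lambda c: c <= 0,
    "versionEndExcluding": lambda c: c < 0,
}

def parse_version(text):
    """'V02.01.03' -> (2, 1, 3); anything non-numeric is rejected, not guessed."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def compare(a, b):
    """Return -1, 0 or 1; the shorter version is zero-padded, so 6.3 == 6.3.0."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def in_range(version, rng):
    return all(ok(compare(version, rng[k])) for k, ok in BOUNDS.items() if k in rng)

def is_affected(cpe_prefix, version):
    return any(in_range(version, rng) for cpe, rng in VULN_CPES.items()
               if cpe == cpe_prefix or cpe.startswith(cpe_prefix + ":"))

def triage(inventory):
    return [name for name, cpe, version in inventory if is_affected(cpe, version)]
```

A version string that does not parse raises `ValueError` instead of being silently treated as unaffected, so such an asset surfaces for manual review against SSA-296266.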