Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-29998.NASLHistoryJan 25, 2023 - 12:00 a.m.
Siemens VxWorks-based Industrial Products Heap Overflow (CVE-2021-29998)
2023-01-2500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
siemens
vxworks
industrial products
heap overflow
cve-2021-29998
wind river
dhcp client
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500741);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");
script_cve_id("CVE-2021-29998");
script_name(english:"Siemens VxWorks-based Industrial Products Heap Overflow (CVE-2021-29998)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An issue was discovered in Wind River VxWorks before 6.5. There is a
possible heap overflow in dhcp client.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://support2.windriver.com/index.php?page=security-notices");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf");
script_set_attribute(attribute:"see_also", value:"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29998");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(787);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x200-4_p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2fm_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ld_ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204-2ts_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x204_irt_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x206-1ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x208_pro_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x212-2ld_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x216_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x224_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x300_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_x408_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf201-3p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf202-2p_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf204_irt_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf206-1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xf208_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_x200-4_p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204_irt_pro_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_x204-2_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2fm_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ld_ts_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x204-2ts_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x206-1ld_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x208_pro_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x212-2ld_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x216_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x224_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_x300_firmware" :
{"family" : "SCALANCEX300"},
"cpe:/o:siemens:scalance_x408_firmware" :
{"family" : "SCALANCEX400"},
"cpe:/o:siemens:scalance_xf201-3p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf202-2p_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf204-2_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf204-2ba_irt_firmware" :
{"family" : "SCALANCEX200IRT"},
"cpe:/o:siemens:scalance_xf206-1_firmware" :
{"family" : "SCALANCEX200"},
"cpe:/o:siemens:scalance_xf208_firmware" :
{"family" : "SCALANCEX200"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_xf206-1_firmware | cpe:/o:siemens:scalance_xf206-1_firmware | |
| siemens | scalance_x202-2_irt_firmware | cpe:/o:siemens:scalance_x202-2_irt_firmware | |
| siemens | scalance_x208_pro_firmware | cpe:/o:siemens:scalance_x208_pro_firmware | |
| siemens | scalance_x202-2p_irt_pro_firmware | cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware | |
| siemens | scalance_xf208_firmware | cpe:/o:siemens:scalance_xf208_firmware | |
| siemens | scalance_x202-2p_irt_firmware | cpe:/o:siemens:scalance_x202-2p_irt_firmware | |
| siemens | scalance_x212-2ld_firmware | cpe:/o:siemens:scalance_x212-2ld_firmware | |
| siemens | scalance_xf201-3p_irt_firmware | cpe:/o:siemens:scalance_xf201-3p_irt_firmware | |
| siemens | scalance_xf204_firmware | cpe:/o:siemens:scalance_xf204_firmware | |
| siemens | scalance_x224_firmware | cpe:/o:siemens:scalance_x224_firmware |
Related
ics
ics
Siemens VxWorks-based Industrial Products (Update C)
2022-07-14 12:00:00
Mitsubishi Electric MELSEC-Q Series C Controller Module
2022-04-12 12:00:00
prion
prion
Heap overflow
2021-04-13 17:15:00
nvd
nvd
CVE-2021-29998
2021-04-13 17:15:12
cve
cve
CVE-2021-29998
2021-04-13 17:15:12
nessus
nessus
cvelist
cvelist
CVE-2021-29998
2021-04-13 16:16:51
9.8 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.1%
Related for TENABLE_OT_SIEMENS_CVE-2021-29998.NASL