Lucene search

K

Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Handling of Inconsistent Structural Elements (CVE-2021-31890)

Siemens Nucleus RTOS APOGEE and TALON Products Vulnerabilit

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2021-31883)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Out-of-Bounds Read (CVE-2021-31881)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Buffer Access with Incorrect Length Value (CVE-2021-31885)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Null Termination (CVE-2021-31888)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Null Termination (CVE-2021-31887)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Null Termination (CVE-2021-31884)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2021-31882)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Null Termination (CVE-2021-31886)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Validation of Specified Quantity in Input (CVE-2021-31345)
7 Feb 202200:00
nessus
Tenable Nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Integer Underflow (CVE-2021-31889)
7 Feb 202200:00
nessus
Rows per page
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500571);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2021-31890");
  script_xref(name:"ICSA", value:"21-313-03");
  script_xref(name:"ICSA", value:"21-315-07");

  script_name(english:"Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Handling of Inconsistent Structural Elements (CVE-2021-31890)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All
versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC
(PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All
versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE
PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular
(BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet)
(All versions < V2.8.19), Capital VSTAR (All versions with enabled
Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and <
V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016),
Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo
PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D
(All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions
>= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and
< V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016),
Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo
PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D
(All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions
>= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and <
V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All
versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1),
Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All
versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC
Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet)
(All versions < V3.5.4). The total length of an TCP payload (set in
the IP header) is unchecked. This may lead to various side effects,
including Information Leak and Denial-of-Service conditions, depending
on the network buffer organization in memory. (FSMD-2021-0017)

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens recommends the following specific workarounds and mitigations users can apply to reduce the risk:

- Desigo products: update to v6.30.016 or later
- APOGEE PXC Compact (P2 Ethernet) and APOGEE PXC Modular (P2 Ethernet): update to v2.8.19 or later. Contact a Siemens
office for support.
- TALON TC Compact (BACnet), TALON TC Modular (BACnet), APOGEE PXC Compact (BACnet), and APOGEE PXC Modular (BACnet):
update to v3.5.4 or later. Contact a Siemens office for support.

- CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address
configuration instead (Note the DHCP client is disabled by default on APOGEE/TALON and Desigo products).
- CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note the FTP service is
disabled by default on Desigo products).

As a general security measure Siemens strongly recommends protecting network access to affected products with
appropriate mechanisms. It is advised to follow recommended security practices to run the devices in a protected IT
environment.

For more information see Siemens Security Advisory SSA-114589");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-31890");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(240);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:apogee_modular_building_controller_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:apogee_modular_equiment_controller_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:apogee_pxc_compact_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:apogee_pxc_modular_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:apogee_modular_building_controller_firmware" :
        {"family" : "PxcModular"},
    "cpe:/o:siemens:apogee_modular_equiment_controller_firmware" :
        {"family" : "PxcModular"},
    "cpe:/o:siemens:apogee_pxc_compact_firmware" :
        {"family" : "PxcCompact"},
    "cpe:/o:siemens:apogee_pxc_modular_firmware" :
        {"family" : "PxcModular"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
07 Feb 2022 00:00Current
8.7High risk
Vulners AI Score8.7
CVSS27.5
CVSS39.8
EPSS0.010
45
.json
Report