Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-37182.NASL
HistoryApr 11, 2023 - 12:00 a.m.

Siemens SCALANCE XM-400 and XR-500 Improper Validation of Integrity Check Value (CVE-2021-37182)

2023-04-1100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
siemens
scalance
xm-400
xr-500
ospf
protocol
vulnerability
integrity check
cve-2021-37182
unauthenticated
remote attacker
crafted ospf packets
interruptions
tenable.ot
network scanner

0.002 Low

EPSS

Percentile

55.3%

JSON

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501062);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2021-37182");

  script_name(english:"Siemens SCALANCE XM-400 and XR-500 Improper Validation of Integrity Check Value (CVE-2021-37182)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE XM408-4C (All versions
< V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE
XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All
versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE
XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V
(All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All
versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5),
SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE
XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3
int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions <
V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5),
SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V
(L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All
versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions <
V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M
(2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All
versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5),
SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2)
(All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions <
V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The
OSPF protocol implementation in affected devices fails to verify the
checksum and length fields in the OSPF LS Update messages. An
unauthenticated remote attacker could exploit this vulnerability to
cause interruptions in the network by sending specially crafted OSPF
packets. Successful exploitation requires OSPF to be enabled on an
affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-10");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

For all affected products, Siemens recommends updating to v6.5 or later.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Disable OSPF in the layer 3 configuration menu (note OSPF is disabled by default). The vulnerability is not
exploitable when OSPF is disabled.
- If OSPF is used, set a password for the OSPF interface, and enable MD5 authentication.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensҀ™
operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see Siemens Security Advisory SSA-145224");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37182");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(354);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-4c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-4c_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm408-8c_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm416-4c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xm416-4c_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~1x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~24v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~2x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~1x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~24v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~2x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~1x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~24v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~2x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~1x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~24v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~2x230v~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_2hr2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_2hr2_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr528-6m_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_2hr2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_2hr2_l3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_xr552-12m_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_xm408-4c_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm408-4c_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm408-8c_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm408-8c_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm416-4c_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xm416-4c_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX400"},
    "cpe:/o:siemens:scalance_xr524-8c_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~1x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~24v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~2x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~1x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~24v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr524-8c_l3_firmware:::~~~~2x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~1x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~24v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_firmware:::~~~~2x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~1x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~24v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr526-8c_l3_firmware:::~~~~2x230v~" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr528-6m_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr528-6m_2hr2_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr528-6m_2hr2_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr528-6m_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr552-12m_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr552-12m_2hr2_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"},
    "cpe:/o:siemens:scalance_xr552-12m_2hr2_l3_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "SCALANCEX500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemensscalance_xm408-4c_firmwarecpe:/o:siemens:scalance_xm408-4c_firmware
siemensscalance_xm408-4c_l3_firmwarecpe:/o:siemens:scalance_xm408-4c_l3_firmware
siemensscalance_xm408-8c_firmwarecpe:/o:siemens:scalance_xm408-8c_firmware
siemensscalance_xm408-8c_l3_firmwarecpe:/o:siemens:scalance_xm408-8c_l3_firmware
siemensscalance_xm416-4c_firmwarecpe:/o:siemens:scalance_xm416-4c_firmware
siemensscalance_xm416-4c_l3_firmwarecpe:/o:siemens:scalance_xm416-4c_l3_firmware
siemensscalance_xr524-8c_firmwarecpe:/o:siemens:scalance_xr524-8c_firmware
siemensscalance_xr524-8c_firmwarecpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~1x230v~
siemensscalance_xr524-8c_firmwarecpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~24v~
siemensscalance_xr524-8c_firmwarecpe:/o:siemens:scalance_xr524-8c_firmware:::~~~~2x230v~
Rows per page:
1-10 of 291

Related

cvelist 1
nvd 1
cve 1
prion 1
ics 1
cvelist
cvelist
CVE-2021-37182
2022-06-14 09:21:24
nvd
nvd
CVE-2021-37182
2022-06-14 10:15:17
cve
cve
CVE-2021-37182
2022-06-14 10:15:17
prion
prion
Design/Logic Flaw
2022-06-14 10:15:00
ics
ics
Siemens SCALANCE XM-400 and XR-500
2022-06-16 12:00:00

0.002 Low

EPSS

Percentile

55.3%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2021-37182.NASL
cvelist1nvd1cve1prion1ics1