Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-37732.NASLHistoryApr 11, 2023 - 12:00 a.m.
Siemens SCALANCE W1750D Command Injection (CVE-2021-37732)
2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
siemens scalance w1750d
command injection
cve-2021-37732
hpe aruba instant
remote arbitrary command execution
vulnerability
aruba instant 6.4.x.x
aruba instant 6.5.x.x
aruba instant 8.5.x.x
aruba instant 8.6.x.x
aruba instant 8.7.x.x
security patch
tenable.ot
scanner
0.003 Low
EPSS
Percentile
71.0%
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x:
6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below;
Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x:
8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501037);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/24");
script_cve_id("CVE-2021-37732");
script_name(english:"Siemens SCALANCE W1750D Command Injection (CVE-2021-37732)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A remote arbitrary command execution vulnerability was discovered in
HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x:
6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below;
Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x:
8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has
released patches for Aruba Instant (IAP) that address this security
vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-06");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends upgrading their products to the latest version:
- SCALANCE W1750D: Update to v8.7.1.3 or later.
- SCALANCE W1750D: Update to v8.7.1.9 or later
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
- Block access to the Aruba Instant Command Line Interface from all untrusted users.
- Block access to the Aruba Instant web-based management interface from all untrusted users.
- Enable the Enhanced PAPI Security feature, where available, to prevent exploitation of these vulnerabilities. For
assistance from the Siemens Technical Assistance Center (TAC), please contact Siemens (login required).
- Block access for Aruba Instant device on Port UDP/8211 from all untrusted users.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in
the product manuals.
For more information see Siemens Security Advisory SSA-917476 in HTML or CSAF.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37732");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(78);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/12");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_w1750d_firmware" :
{"versionEndExcluding" : "8.7.1.3", "family" : "SCALANCEW"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_w1750d_firmware | cpe:/o:siemens:scalance_w1750d_firmware |
Related
nvd
nvd
CVE-2021-37732
2021-10-12 16:15:07
cvelist
cvelist
CVE-2021-37732
2021-10-12 15:12:55
cve
cve
CVE-2021-37732
2021-10-12 16:15:07
prion
prion
Command injection
2021-10-12 16:15:00
cnvd
cnvd
Aruba Instant Command Injection Vulnerability (CNVD-2021-89450)
2021-10-10 00:00:00
ics
ics
Siemens SCALANCE W1750D (Update A)
2022-10-13 12:00:00