Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-41091.NASLHistoryJan 15, 2024 - 12:00 a.m.
Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)
2024-01-1500:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
siemens scalance lpe9403
incorrect permission assignment
critical resource
cve-2021-41091
vulnerability
moby
docker engine
data directory
insufficiently restricted permissions
unprivileged linux users
traverse directory contents
execute programs
setuid
host
tenable.ot
scanner
6.5 Medium
AI Score
Confidence
High
A vulnerability was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501886);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/30");
script_cve_id("CVE-2021-41091");
script_name(english:"Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability was found in Moby (Docker Engine) where the data directory (typically
/var/lib/docker) contained subdirectories with insufficiently restricted permissions,
allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.
When containers included executable programs with extended permission bits (such as setuid),
unprivileged Linux users could discover and execute those programs.
When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container,
the unprivileged Linux user on the host could discover, read, and modify those files.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-09");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/732.html");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends users of the affected product update to Version 2.0 or later.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to SiemensΓ’ΒΒ
operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information see Siemens Security Advisory SSA-222547");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41091");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/10");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_lpe9403_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_lpe9403_firmware" :
{"versionEndExcluding" : "2.0", "family" : "SCALANCE", "orderNumbers" : ["6GK5998-3GS00-2AC2"]}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_lpe9403_firmware | cpe:/o:siemens:scalance_lpe9403_firmware |
Related
prion
prion
Design/Logic Flaw
2021-10-04 21:15:00
cve
cve
CVE-2021-41091
2021-10-04 21:15:00
redhatcve
redhatcve
CVE-2021-41091
2021-11-15 18:14:39
github
github
Moby (Docker Engine) Insufficiently restricted permissions on data directory
2024-01-31 23:28:58
osv
osv
CVE-2021-41091
2021-10-04 21:15:12
Moby (Docker Engine) Insufficiently restricted permissions on data directory
2024-01-31 23:28:58
alpinelinux
alpinelinux
CVE-2021-41091
2021-10-04 21:15:00
githubexploit
githubexploit
Exploit for Improper Preservation of Permissions in Mobyproject Moby
2023-05-02 07:25:13
veracode
veracode
Privilege Escalation
2021-10-05 03:06:38
debiancve
debiancve
CVE-2021-41091
2021-10-04 21:15:00
ubuntucve
ubuntucve
CVE-2021-41091
2021-10-04 00:00:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0018)
2022-05-10 00:00:00
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2022-017)
2022-05-11 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for docker (EulerOS-SA-2022-2265)
2022-08-18 00:00:00
Mageia: Security Advisory (MGASA-2021-0500)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2311)
2022-09-14 00:00:00
amazon
amazon
Medium: docker
2021-09-30 19:22:00
mageia
mageia
Updated docker packages fix security vulnerabilities
2021-10-31 14:12:48
fedora
fedora
[SECURITY] Fedora 34 Update: moby-engine-20.10.9-1.fc34
2021-10-19 00:37:23
[SECURITY] Fedora 34 Update: containerd-1.5.7-1.fc34
2021-10-19 00:37:23
[SECURITY] Fedora 35 Update: containerd-1.5.7-1.fc35
2021-10-29 23:24:01
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server
2022-10-14 21:28:51
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:56:36
suse
suse
Security update for containerd, docker (moderate)
2022-02-04 00:00:00
Security update for containerd, docker, runc (important)
2021-10-25 00:00:00
Security update for containerd, docker, runc (important)
2021-10-31 00:00:00
thn
thn
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
2024-04-18 05:54:00
ics
ics
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
2022-06-16 12:00:00
redhat
redhat