Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-41990.NASL
HistoryAug 03, 2023 - 12:00 a.m.

Siemens SIMATIC NET CP, SINEMA & SCALANCE Integer Overflow (CVE-2021-41990)

2023-08-0300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
JSON

Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan. The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501592);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");

  script_cve_id("CVE-2021-41990");
  script_xref(name:"DSA", value:"DSA-4989");
  script_xref(name:"FEDORA", value:"FEDORA-2021-b3df83339e");
  script_xref(name:"FEDORA", value:"FEDORA-2021-0b37146973");
  script_xref(name:"FEDORA", value:"FEDORA-2021-95fab6a482");

  script_name(english:"Siemens SIMATIC NET CP, SINEMA & SCALANCE Integer Overflow (CVE-2021-41990)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected 
by Vulnerabilities in Third-Party Component strongSwan. 
The gmp plugin in strongSwan before 5.9.4 has a remote integer
overflow via a crafted certificate with an RSASSA-PSS signature. For
example, this can be triggered by an unrelated self-signed CA
certificate sent by an initiator. Remote code execution cannot occur.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/strongswan/strongswan/releases/tag/5.9.4");
  # https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f4f2d8ca");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2021/dsa-4989");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd6b6abd");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea295ec8");
  # https://lists.fedoraproject.org/archives/list/[email protected]/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5453363");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41990");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(190);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5615-0aa00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5804-0ap00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5812-1aa00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5812-1ba00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5816-1aa00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5816-1ba00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5826-2ab00-2ab2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5856-2ea00-3aa1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5856-2ea00-3da1_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5874-2aa00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5874-3aa00-2aa2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5876-3aa02-2ba2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5876-3aa02-2ea2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5876-4aa00-2ba2_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5876-4aa00-2da2_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:6gk5804-0ap00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5812-1aa00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5812-1ba00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5816-1aa00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5816-1ba00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5826-2ab00-2ab2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5874-2aa00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5874-3aa00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5876-3aa02-2ba2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5876-3aa02-2ea2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5876-4aa00-2ba2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5876-4aa00-2da2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5856-2ea00-3da1_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5856-2ea00-3aa1_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCEM"},
    "cpe:/o:siemens:6gk5615-0aa00-2aa2_firmware:-" :
        {"versionEndExcluding" : "7.1", "family" : "SCALANCES"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
siemens6gk5615-0aa00-2aa2_firmware-cpe:/o:siemens:6gk5615-0aa00-2aa2_firmware:-
siemens6gk5804-0ap00-2aa2_firmware-cpe:/o:siemens:6gk5804-0ap00-2aa2_firmware:-
siemens6gk5812-1aa00-2aa2_firmware-cpe:/o:siemens:6gk5812-1aa00-2aa2_firmware:-
siemens6gk5812-1ba00-2aa2_firmware-cpe:/o:siemens:6gk5812-1ba00-2aa2_firmware:-
siemens6gk5816-1aa00-2aa2_firmware-cpe:/o:siemens:6gk5816-1aa00-2aa2_firmware:-
siemens6gk5816-1ba00-2aa2_firmware-cpe:/o:siemens:6gk5816-1ba00-2aa2_firmware:-
siemens6gk5826-2ab00-2ab2_firmware-cpe:/o:siemens:6gk5826-2ab00-2ab2_firmware:-
siemens6gk5856-2ea00-3aa1_firmware-cpe:/o:siemens:6gk5856-2ea00-3aa1_firmware:-
siemens6gk5856-2ea00-3da1_firmware-cpe:/o:siemens:6gk5856-2ea00-3da1_firmware:-
siemens6gk5874-2aa00-2aa2_firmware-cpe:/o:siemens:6gk5874-2aa00-2aa2_firmware:-
Rows per page:
1-10 of 151

Related

ubuntucve 1
veracode 1
cbl_mariner 2
osv 3
alpinelinux 1
prion 1
debiancve 1
cve 1
redhatcve 1
nessus 7
openvas 9
suse 2
debian 1
fedora 3
ubuntu 1
freebsd 1
rosalinux 1
photon 3
ubuntucve
ubuntucve
CVE-2021-41990
2021-10-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-10-19 22:00:55
cbl_mariner
cbl_mariner
CVE-2021-41990 affecting package strongswan 5.9.3-1
2022-04-26 20:17:10
CVE-2021-41990 affecting package strongswan 5.7.2-6
2021-11-06 00:29:52
osv
osv
CVE-2021-41990
2021-10-18 14:15:10
strongswan - security update
2021-10-18 00:00:00
strongswan vulnerabilities
2021-10-19 10:54:55
alpinelinux
alpinelinux
CVE-2021-41990
2021-10-18 14:15:00
prion
prion
Integer overflow
2021-10-18 14:15:00
debiancve
debiancve
CVE-2021-41990
2021-10-18 14:15:00
cve
cve
CVE-2021-41990
2021-10-18 14:15:00
redhatcve
redhatcve
CVE-2021-41990
2021-10-19 16:44:17
nessus
nessus
SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2021:3467-1)
2021-10-20 00:00:00
openSUSE 15 Security Update : strongswan (openSUSE-SU-2021:1399-1)
2021-11-01 00:00:00
FreeBSD : strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache (58528a94-5100-4208-a04d-edc01598cf01)
2022-01-30 00:00:00
openvas
openvas
Fedora: Security Advisory for strongswan (FEDORA-2021-0b37146973)
2021-10-30 00:00:00
Debian: Security Advisory (DSA-4989-1)
2021-10-20 00:00:00
Fedora: Security Advisory for strongswan (FEDORA-2021-95fab6a482)
2021-10-30 00:00:00
suse
suse
Security update for strongswan (important)
2021-10-31 00:00:00
Security update for strongswan (important)
2021-10-19 00:00:00
debian
debian
[SECURITY] [DSA 4989-1] strongswan security update
2021-10-18 19:17:03
fedora
fedora
[SECURITY] Fedora 35 Update: strongswan-5.9.4-1.fc35
2021-10-29 23:29:36
[SECURITY] Fedora 34 Update: strongswan-5.9.4-1.fc34
2021-10-28 19:32:34
[SECURITY] Fedora 33 Update: strongswan-5.9.4-1.fc33
2021-10-28 19:31:43
ubuntu
ubuntu
strongSwan vulnerabilities
2021-10-19 00:00:00
freebsd
freebsd
strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache
2021-10-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2274
2023-10-22 06:24:16
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0320
2021-10-28 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0119
2021-10-27 00:00:00
Important Photon OS Security Update - PHSA-2021-0119
2021-10-27 00:00:00
JSON
Related for TENABLE_OT_SIEMENS_CVE-2021-41990.NASL
ubuntucve1veracode1cbl_mariner2osv3alpinelinux1prion1debiancve1cve1redhatcve1nessus7openvas9suse2debian1fedora3ubuntu1freebsd1rosalinux1photon3