A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O
-25/+70C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501071);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2021-46304");
script_name(english:"Siemens SICAM A8000 Web Server Module Improper Access Control (CVE-2021-46304)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O
-25/+70C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70C
(All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER
MODULE WITH GPRS (All versions). The component allows to activate a
web server module which provides unauthenticated access to its web
pages. This could allow an attacker to retrieve debug-level
information from the component such as internal network topology or
connected systems.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-05");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens provided the following updates to the vulnerabilities for the following products affected:
- CP-8000 MASTER MODULE WITH I/O -25/+70°C (6MF2101-0AB10-0AA0): There is currently no fix available
- CP-8000 MASTER MODULE WITH I/O -40/+70°C (6MF2101-1AB10-0AA0): There is currently no fix available
- CP-8021 MASTER MODULE (6MF2802-1AA00): There is currently no fix available
- CP-8022 MASTER MODULE WITH GPRS (6MF2802-2AA00): There is currently no fix available
Siemens has identified the following workarounds and mitigations for users to reduce risk:
- Operate the affected web server module only when required and apply the security instructions provided in the updated
manual.
Siemens recommends users apply General Security Recommendations.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the
environment according to the Siemens operational guidelines for industrial security and follow the recommendations in
the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-185638.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-46304");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(287);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/10");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-25%2f%2b70_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-40%2f%2b70_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:cp-8021_master_module_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:cp-8022_master_module_with_gprs_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:cp-8021_master_module_firmware" :
{"family" : "SicamA8000CP802"},
"cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-25%2f%2b70_firmware" :
{"family" : "SicamA8000CP800"},
"cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-40%2f%2b70_firmware" :
{"family" : "SicamA8000CP800"},
"cpe:/o:siemens:cp-8022_master_module_with_gprs_firmware" :
{"family" : "SicamA8000CP802"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | cp-8000_master_module_with_i%2fo_-25%2f%2b70_firmware | cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-25%2f%2b70_firmware | |
siemens | cp-8000_master_module_with_i%2fo_-40%2f%2b70_firmware | cpe:/o:siemens:cp-8000_master_module_with_i%2fo_-40%2f%2b70_firmware | |
siemens | cp-8021_master_module_firmware | cpe:/o:siemens:cp-8021_master_module_firmware | |
siemens | cp-8022_master_module_with_gprs_firmware | cpe:/o:siemens:cp-8022_master_module_with_gprs_firmware |