Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22784)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502159);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/22");

  script_cve_id("CVE-2023-22784");

  script_name(english:"Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22784)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"There are buffer overflow vulnerabilities in multiple underlying 
services that could lead to unauthenticated remote code execution 
by sending specially crafted packets destined to the PAPI 
(Aruba's access point management protocol) UDP port (8211). 
Successful exploitation of these vulnerabilities result in 
the ability to execute arbitrary code as a privileged user 
on the underlying operating system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://cert-portal.siemens.com/productcert/html/ssa-843070.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?157d0378");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-22784");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:scalance_w1750d_firmware" :
        {"versionEndExcluding" : "8.10.0.6", "family" : "SCALANCEW", "orderNumbers" : ["6GK5750-2HX01-1AD0","6GK5750-2HX01-1AA0","6GK5750-2HX01-1AB0"]}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);