Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2023-42797.NASL
HistoryJan 16, 2024 - 12:00 a.m.

Siemens SICAM A8000 CP Command Injection (CVE-2023-42797)

2024-01-1600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
siemens sicam a8000
command injection
cve-2023-42797
network configuration
root privileges
tenable.ot
uninitialized variables
device startup

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.
By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501888);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");

  script_cve_id("CVE-2023-42797");

  script_name(english:"Siemens SICAM A8000 CP Command Injection (CVE-2023-42797)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in CP-8031 MASTER MODULE (All
versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions <
CPCI85 V05.20). The network configuration service of affected devices
contains a flaw in the conversion of ipv4 addresses that could lead to
an uninitialized variable being used in succeeding validation steps.
By uploading specially crafted network configuration, an authenticated
remote attacker could be able to inject commands that are executed on
the device with root privileges during device startup.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-42797");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(908);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:sicam_a8000_cp-8050_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:sicam_a8000_cp-8050_firmware" :
        {"versionEndExcluding" : "05.20", "family" : "SicamA8000CP805"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
siemenssicam_a8000_cp-8050_firmwarecpe:/o:siemens:sicam_a8000_cp-8050_firmware

Related

cve 1
prion 1
nvd 1
ics 1
cnvd 1
cvelist 1
cve
cve
CVE-2023-42797
2024-01-09 10:15:15
prion
prion
Design/Logic Flaw
2024-01-09 10:15:00
nvd
nvd
CVE-2023-42797
2024-01-09 10:15:15
ics
ics
Siemens SICAM A8000
2024-01-11 12:00:00
cnvd
cnvd
Siemens CPCI85 Firmware of SICAM A8000 Devices Command Injection Vulnerability
2024-01-10 00:00:00
cvelist
cvelist
CVE-2023-42797
2024-01-09 09:59:43

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2023-42797.NASL
cve1prion1nvd1ics1cnvd1cvelist1