Lucene search
+L

Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)

🗓️ 18 Nov 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 12 Views

Excessive DSA key checks may lead to Denial of Service in certain applications.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
15 Mar 202500:18
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities
9 Jul 202417:03
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues
15 Apr 202503:13
ibm
IBM Security Bulletins
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL
30 Jul 202422:02
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
19 Dec 202416:32
ibm
IBM Security Bulletins
Security Bulletin: IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i due to multiple vulnerabilities.
24 Jul 202517:48
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
12 Mar 202522:11
ibm
IBM Security Bulletins
Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.
10 Jan 202513:45
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Base OS issues
2 Apr 202517:41
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management
31 Mar 202603:38
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502672);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/11/26");

  script_cve_id("CVE-2024-4603");
  script_xref(name:"ICSA", value:"24-319-06");

  script_name(english:"Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Issue summary: Checking excessively long DSA keys or parameters may be
very slow. Impact summary: Applications that use the functions
EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA
public key or DSA parameters may experience long delays. Where the key
or parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service. The functions
EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various
checks on DSA parameters. Some of those computations take a long time
if the modulus (`p` parameter) is too large. Trying to use a very
large modulus is slow and OpenSSL will not allow using public keys
with a modulus which is over 10,000 bits in length for signature
verification. However the key and parameter check functions do not
limit the modulus size when performing the checks. An application that
calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a
key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack. These functions are not
called by OpenSSL itself on untrusted DSA keys so only applications
that directly call these functions may be vulnerable. Also vulnerable
are the OpenSSL pkey and pkeyparam command line applications when
using the `-check` option. The OpenSSL SSL/TLS implementation is not
affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are
affected by this issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-354112.html");
  script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109976047/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-4603");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(834);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/11/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_eu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_nam_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m804pb_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m812-1_adsl-router_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m816-1_adsl-router_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m826-2_shdsl-router_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-3_3g-router_%28cn%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-3_%28rok%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_%28eu%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_%28nam%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28a1%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28b1%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28eu%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28a1%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28b1%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28cn%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28eu%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28row%29_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_eec_lan-router_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_lan-router_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_eu_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "RuggedCom", "orderNumbers" : ['6GK6108-4AM00-2BA2']},
    "cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_nam_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "RuggedCom", "orderNumbers" : ['6GK6108-4AM00-2DA2']},
    "cpe:/o:siemens:scalance_m804pb_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5804-0AP00-2AA2']},
    "cpe:/o:siemens:scalance_m812-1_adsl-router_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5812-1BA00-2AA2', '6GK5812-1AA00-2AA2']},
    "cpe:/o:siemens:scalance_m816-1_adsl-router_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5816-1AA00-2AA2', '6GK5816-1BA00-2AA2']},
    "cpe:/o:siemens:scalance_m826-2_shdsl-router_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5826-2AB00-2AB2']},
    "cpe:/o:siemens:scalance_m874-2_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-2AA00-2AA2']},
    "cpe:/o:siemens:scalance_m874-3_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-3AA00-2AA2']},
    "cpe:/o:siemens:scalance_m874-3_3g-router_%28cn%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-3AA00-2FA2']},
    "cpe:/o:siemens:scalance_m876-3_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-3AA02-2BA2']},
    "cpe:/o:siemens:scalance_m876-3_%28rok%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-3AA02-2EA2']},
    "cpe:/o:siemens:scalance_m876-4_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA10-2BA2']},
    "cpe:/o:siemens:scalance_m876-4_%28eu%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA00-2BA2']},
    "cpe:/o:siemens:scalance_m876-4_%28nam%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA00-2DA2']},
    "cpe:/o:siemens:scalance_mum853-1_%28a1%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA10-2AA1']},
    "cpe:/o:siemens:scalance_mum853-1_%28b1%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA10-2BA1']},
    "cpe:/o:siemens:scalance_mum853-1_%28eu%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA00-2DA1']},
    "cpe:/o:siemens:scalance_mum856-1_%28a1%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA10-3AA1']},
    "cpe:/o:siemens:scalance_mum856-1_%28b1%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA10-3BA1']},
    "cpe:/o:siemens:scalance_mum856-1_%28cn%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3FA1']},
    "cpe:/o:siemens:scalance_mum856-1_%28eu%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3DA1']},
    "cpe:/o:siemens:scalance_mum856-1_%28row%29_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3AA1']},
    "cpe:/o:siemens:scalance_s615_eec_lan-router_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCES", "orderNumbers" : ['6GK5615-0AA01-2AA2']},
    "cpe:/o:siemens:scalance_s615_lan-router_firmware" :
        {"versionEndExcluding" : "8.2", "family" : "SCALANCES", "orderNumbers" : ['6GK5615-0AA00-2AA2']}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Nov 2024 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.15.3
EPSS0.01131
SSVC
12