#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502672);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/11/26");
script_cve_id("CVE-2024-4603");
script_xref(name:"ICSA", value:"24-319-06");
script_name(english:"Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Issue summary: Checking excessively long DSA keys or parameters may be
very slow. Impact summary: Applications that use the functions
EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA
public key or DSA parameters may experience long delays. Where the key
or parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service. The functions
EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various
checks on DSA parameters. Some of those computations take a long time
if the modulus (`p` parameter) is too large. Trying to use a very
large modulus is slow and OpenSSL will not allow using public keys
with a modulus which is over 10,000 bits in length for signature
verification. However the key and parameter check functions do not
limit the modulus size when performing the checks. An application that
calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a
key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack. These functions are not
called by OpenSSL itself on untrusted DSA keys so only applications
that directly call these functions may be vulnerable. Also vulnerable
are the OpenSSL pkey and pkeyparam command line applications when
using the `-check` option. The OpenSSL SSL/TLS implementation is not
affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are
affected by this issue.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-354112.html");
script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/109976047/");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-4603");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(834);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/12");
script_set_attribute(attribute:"patch_publication_date", value:"2024/11/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/11/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_eu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_nam_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m804pb_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m812-1_adsl-router_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m816-1_adsl-router_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m826-2_shdsl-router_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-2_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-3_3g-router_%28cn%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m874-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-3_%28rok%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_%28eu%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_%28nam%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_m876-4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28a1%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28b1%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum853-1_%28eu%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28a1%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28b1%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28cn%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28eu%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_mum856-1_%28row%29_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_eec_lan-router_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_s615_lan-router_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_eu_firmware" :
{"versionEndExcluding" : "8.2", "family" : "RuggedCom", "orderNumbers" : ['6GK6108-4AM00-2BA2']},
"cpe:/o:siemens:ruggedcom_rm1224_lte%284g%29_nam_firmware" :
{"versionEndExcluding" : "8.2", "family" : "RuggedCom", "orderNumbers" : ['6GK6108-4AM00-2DA2']},
"cpe:/o:siemens:scalance_m804pb_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5804-0AP00-2AA2']},
"cpe:/o:siemens:scalance_m812-1_adsl-router_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5812-1BA00-2AA2', '6GK5812-1AA00-2AA2']},
"cpe:/o:siemens:scalance_m816-1_adsl-router_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5816-1AA00-2AA2', '6GK5816-1BA00-2AA2']},
"cpe:/o:siemens:scalance_m826-2_shdsl-router_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5826-2AB00-2AB2']},
"cpe:/o:siemens:scalance_m874-2_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-2AA00-2AA2']},
"cpe:/o:siemens:scalance_m874-3_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-3AA00-2AA2']},
"cpe:/o:siemens:scalance_m874-3_3g-router_%28cn%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5874-3AA00-2FA2']},
"cpe:/o:siemens:scalance_m876-3_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-3AA02-2BA2']},
"cpe:/o:siemens:scalance_m876-3_%28rok%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-3AA02-2EA2']},
"cpe:/o:siemens:scalance_m876-4_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA10-2BA2']},
"cpe:/o:siemens:scalance_m876-4_%28eu%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA00-2BA2']},
"cpe:/o:siemens:scalance_m876-4_%28nam%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5876-4AA00-2DA2']},
"cpe:/o:siemens:scalance_mum853-1_%28a1%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA10-2AA1']},
"cpe:/o:siemens:scalance_mum853-1_%28b1%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA10-2BA1']},
"cpe:/o:siemens:scalance_mum853-1_%28eu%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5853-2EA00-2DA1']},
"cpe:/o:siemens:scalance_mum856-1_%28a1%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA10-3AA1']},
"cpe:/o:siemens:scalance_mum856-1_%28b1%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA10-3BA1']},
"cpe:/o:siemens:scalance_mum856-1_%28cn%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3FA1']},
"cpe:/o:siemens:scalance_mum856-1_%28eu%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3DA1']},
"cpe:/o:siemens:scalance_mum856-1_%28row%29_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCEM", "orderNumbers" : ['6GK5856-2EA00-3AA1']},
"cpe:/o:siemens:scalance_s615_eec_lan-router_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCES", "orderNumbers" : ['6GK5615-0AA01-2AA2']},
"cpe:/o:siemens:scalance_s615_lan-router_firmware" :
{"versionEndExcluding" : "8.2", "family" : "SCALANCES", "orderNumbers" : ['6GK5615-0AA00-2AA2']}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation