Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_WAGO_CVE-2021-34581.NASLHistoryJul 21, 2022 - 12:00 a.m.
Wago OpenSSL DoS Vulnerability in PLCs (CVE-2021-34581)
2022-07-2100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
44.5%
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device.
- Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. (CVE-2021-34581)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500669);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");
script_cve_id("CVE-2021-34581");
script_name(english:"Wago OpenSSL DoS Vulnerability in PLCs (CVE-2021-34581)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx,
750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the
device.
- Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO
750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated
attacker to cause DoS on the device. (CVE-2021-34581)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en-us/advisories/vde-2021-038");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-34581");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(772);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/31");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-831%2f000-002_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-831_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880%2f025-000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880%2f025-001_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880%2f025-002_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880%2f040-000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-880_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-881_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:750-889_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Wago");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Wago');
var asset = tenable_ot::assets::get(vendor:'Wago');
var vuln_cpes = {
"cpe:/o:wago:750-880%2f040-000_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-880%2f025-002_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-880%2f025-001_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-880%2f025-000_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-831%2f000-002_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-889_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-881_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-831_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"},
"cpe:/o:wago:750-880_firmware" :
{"versionEndIncluding" : "fw15", "versionStartIncluding" : "fw4", "family" : "Controller750"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wago | 750-831%2f000-002_firmware | cpe:/o:wago:750-831%2f000-002_firmware | |
| wago | 750-831_firmware | cpe:/o:wago:750-831_firmware | |
| wago | 750-880%2f025-000_firmware | cpe:/o:wago:750-880%2f025-000_firmware | |
| wago | 750-880%2f025-001_firmware | cpe:/o:wago:750-880%2f025-001_firmware | |
| wago | 750-880%2f025-002_firmware | cpe:/o:wago:750-880%2f025-002_firmware | |
| wago | 750-880%2f040-000_firmware | cpe:/o:wago:750-880%2f040-000_firmware | |
| wago | 750-880_firmware | cpe:/o:wago:750-880_firmware | |
| wago | 750-881_firmware | cpe:/o:wago:750-881_firmware | |
| wago | 750-889_firmware | cpe:/o:wago:750-889_firmware |
Related
cve
cve
CVE-2021-34581
2021-08-31 11:15:07
prion
prion
Design/Logic Flaw
2021-08-31 11:15:00
nvd
nvd
CVE-2021-34581
2021-08-31 11:15:07
cvelist
cvelist
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
44.5%
Related for TENABLE_OT_WAGO_CVE-2021-34581.NASL