Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2013-4651.NASL
HistoryApr 11, 2023 - 12:00 a.m.

Siemens Scalance W-7xx (a/b/g) Hard-coded SSL Certificate (CVE-2013-4651)

2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
siemens scalance w7xx
hardcoded certificate
ssl
man-in-the-middle
vulnerability

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

58.9%

JSON

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the- middle attacks against SSL sessions by leveraging the certificate’s trust relationship.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500988);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");

  script_cve_id("CVE-2013-4651");

  script_name(english:"Siemens Scalance W-7xx (a/b/g) Hard-coded SSL Certificate (CVE-2013-4651)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Siemens Scalance W7xx devices with firmware before 4.5.4 use the same
hardcoded X.509 certificate across different customers' installations,
which makes it easier for remote attackers to conduct man-in-the-
middle attacks against SSL sessions by leveraging the certificate's
trust relationship.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://cert-portal.siemens.com/productcert/pdf/ssa-120908.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11ab0b2e");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4651");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(255);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w744-1:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w744-1pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w746-1:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w746-1pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w747-1:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w747-1rr:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w784-1:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w784-1rr:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w786-1pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w786-2pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w786-2rr:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w786-3pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w788-1pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w788-1rr:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w788-2pro:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:siemens:scalance_w788-2rr:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/h:siemens:scalance_w744-1:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w744-1pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w746-1:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w746-1pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w747-1:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w747-1rr:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w784-1:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w784-1rr:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w786-1pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w786-2pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w786-2rr:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w786-3pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w788-1pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w788-1rr:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w788-2pro:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"},
    "cpe:/h:siemens:scalance_w788-2rr:-" :
        {"versionEndExcluding" : "4.5.4", "family" : "SCALANCEW"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Related

nvd 1
prion 1
cvelist 1
seebug 1
cve 1
ics 1
nvd
nvd
CVE-2013-4651
2013-08-01 13:32:26
prion
prion
Hardcoded credentials
2013-08-01 13:32:00
cvelist
cvelist
CVE-2013-4651
2013-07-31 18:00:00
seebug
seebug
Siemens Scalance W-700 系列设备SSL证书欺骗漏洞
2015-10-10 00:00:00
cve
cve
CVE-2013-4651
2013-08-01 13:32:26
ics
ics
Siemens Scalance W-7xx Product Family Multiple Vulnerabilities
2013-08-02 12:00:00

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

58.9%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2013-4651.NASL
nvd1prion1cvelist1seebug1cve1ics1