Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2021-25158.NASLHistoryApr 11, 2023 - 12:00 a.m.
Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)
2023-04-1100:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
siemens scalance w1750d
aruba instant access point
remote arbitrary file read
concurrent execution
shared resource
improper synchronization
vulnerability
aruba
patches
tenable.ot
scanner
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below;
Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500969);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");
script_cve_id("CVE-2021-25158");
script_name(english:"Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A remote arbitrary file read vulnerability was discovered in some
Aruba Instant Access Point (IAP) products in version(s): Aruba Instant
6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below;
Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7
and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released
patches for Aruba Instant that address this security vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-14");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf");
# http://packetstormsecurity.com/files/163522/Aruba-Instant-IAP-Remote-Code-Execution.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?574bd0ab");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Siemens recommends upgrading SCALANCE W1750D to v8.7.1.3 or later
Siemens has identified the following specific workarounds and mitigations for users to apply to reduce the risk:
- Block access to the Aruba Instant device IP address on Port 8211/UDP from all untrusted users.
- Block access to the Aruba Instant Command Line Interface from all untrusted users.
- Block access to the Aruba Instant Web Management Interface from all untrusted users.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the
environment according to SiemensΓ’ΒΒ operational guidelines for industrial security and following the recommendations in
the product manuals.
For additional information see Siemens Security Advisory SSA-723417");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25158");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(362);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/30");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:scalance_w1750d_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:scalance_w1750d_firmware" :
{"versionEndExcluding" : "8.7.1.3", "family" : "SCALANCEW"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | scalance_w1750d_firmware | cpe:/o:siemens:scalance_w1750d_firmware |
Related
cvelist
cvelist
CVE-2021-25158
2021-03-30 01:32:28
prion
prion
Design/Logic Flaw
2021-03-30 02:15:00
nvd
nvd
CVE-2021-25158
2021-03-30 02:15:16
cve
cve
CVE-2021-25158
2021-03-30 02:15:16
packetstorm
packetstorm
Aruba Instant (IAP) Remote Code Execution
2021-07-16 00:00:00
zdt
zdt
Aruba Instant (IAP) - Remote Code Execution Exploit
2021-07-16 00:00:00
ics
ics
Siemens SCALANCE W1750D (Update B)
2021-10-14 12:00:00
6.7 Medium
AI Score
Confidence
High
0.099 Low
EPSS
Percentile
94.9%
Related for TENABLE_OT_SIEMENS_CVE-2021-25158.NASL