Nessus plugin: TENABLE_OT_SIEMENS_CVE-2023-36754.NASL
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Sep 14, 2023 - 12:00 a.m.

Siemens RUGGEDCOM ROX Improper Neutralization of Special Elements Used in a Command (CVE-2023-36754)

2023-09-14 00:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
siemens
ruggedcom rox
vulnerability
remote attackers
arbitrary code
command injection
input sanitation
root privileges
tenable.ot
web interface

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

52.4%

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration branch: when `description` is set, only the metadata below is
# recorded and the script exits (exit(0) at the end of this block) before any
# of the detection logic further down runs.
if (description)
{
  # Plugin identity and revision.
  script_id(501630);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  # Cross-references: the CVE and the CISA ICS advisory covering it.
  script_cve_id("CVE-2023-36754");
  script_xref(name:"ICSA", value:"23-194-01");

  script_name(english:"Siemens RUGGEDCOM ROX Improper Neutralization of Special Elements Used in a Command (CVE-2023-36754)");

  # Finding text shown to the operator. The description names the affected
  # models, the fixed version (V2.16.0) and the precondition that the attacker
  # is authenticated and privileged.
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All
versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0),
RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500
(All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions <
V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX
RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions <
V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX
RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions <
V2.16.0). The SCEP server configuration URL parameter in the web
interface of affected devices is vulnerable to command injection due
to missing server side input sanitation. This could allow an
authenticated privileged remote attacker to execute arbitrary code
with root privileges.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Vendor (Siemens ProductCERT) and CISA advisories for this issue.
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01");
  # Remediation text: the fix is the update to V2.16.0 or later; the rest is
  # general network-protection guidance quoted from the advisory.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

​Siemens recommends users update the product to the following versions:

- ​Update to V2.16.0 or later version

​As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate
mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the
environment according to Siemens' operational guidelines for Industrial Security, and to follow the recommendations in
the product manuals. Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity

​For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens
ProductCERT: https://www.siemens.com/cert/advisories

​As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens'
operational guidelines for industrial security and following recommendations in the product manuals.

​Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

​For more information see the associated Siemens security advisory SSA-146325 in HTML and CSAF.

​");
  # Scoring as registered by this plugin; cvss_score_source names the CVE
  # record as the origin of these vectors.
  # NOTE(review): the CVSS3 base vector below uses Scope Unchanged (S:U) and
  # the temporal vectors use E:U. Other publishers score this CVE with S:C and
  # E:P, which yields a higher rating - confirm against the vendor advisory
  # (SSA-146325) before relying on this value for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-36754");

  # Exploit availability as recorded in this plugin revision, and the weakness
  # class (CWE-77, command injection).
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(77);

  # Disclosure, patch and plugin publication dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/14");

  # One firmware CPE per affected model; the same eleven CPEs are the keys of
  # the vuln_cpes table used by the detection logic after this block.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_mx5000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_mx5000re_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1400_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1500_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1501_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1510_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1511_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1512_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1524_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx1536_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rox_rx5000_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Information-gathering category, filed under the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: depends on the Tenable.ot API integration plugin
  # and requires the Tenable.ot/Siemens KB key.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  # Metadata only: leave before the detection logic.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the Siemens KB key is set (the same key the description
# block declares through script_require_keys).
get_kb_item_or_exit('Tenable.ot/Siemens');

# Siemens asset data obtained through the tenable_ot helper library.
# NOTE(review): the shape of the returned value is defined outside this file -
# confirm in the helper before relying on specific fields.
var asset = tenable_ot::assets::get(vendor:'Siemens');

# Affected firmware CPEs mapped to their match constraints. Every entry uses
# the same exclusive upper bound, 2.16.0, which matches the advisory wording
# "All versions < V2.16.0". "family" is passed to the helper as-is; presumably
# it narrows the match to RuggedCom assets - verify in the helper.
var vuln_cpes = {
    "cpe:/o:siemens:ruggedcom_rox_mx5000_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_mx5000re_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1400_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1500_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1501_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1510_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1511_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1512_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1524_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx1536_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"},
    "cpe:/o:siemens:ruggedcom_rox_rx5000_firmware" :
        {"versionEndExcluding" : "2.16.0", "family" : "RuggedCom"}
};

# Hand the asset and the CPE table to the shared comparison helper, reporting
# at SECURITY_HOLE severity. Nothing in this file sends traffic to the device
# or touches the SCEP URL parameter: the finding rests on the CPE/version data
# supplied for the asset, so its accuracy presumably depends on the firmware
# version recorded for that asset - TODO confirm in the helper. A device that
# is unpatched but has its web interface restricted would still be reported.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
