Nucleus FTP Server Multiple Vulnerabilities (NUCLEUS:13)

critical Nessus Plugin ID 155154

Synopsis

A FTP server is affected by multiple vulnerabilities.

Description

A FTP server running on the remote host is possibly affected by multiple vulnerabilities :

- FTP server does not properly validate the length of the USER command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
(CVE-2021-31886)

- FTP server does not properly validate the length of the PWD/XPWD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
(CVE-2021-31887)

- FTP server does not properly validate the length of the MKD/XMKD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
(CVE-2021-31888)

Note that Nessus reports these vulnerabilities based on the presence of the Nucleus FTP server. These vulnerabilities might have been mitigated.

Solution

Apply solution in accordance with the vendor advisory.

See Also

http://www.nessus.org/u?3b174710

https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03

Plugin Details

Severity: Critical

ID: 155154

File Name: nucleus_ftp_multiple_vulns.nbin

Version: 1.9

Type: remote

Family: SCADA

Published: 11/11/2021

Updated: 11/30/2022

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-31886

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/a:nucleus_net:nucleus_net

Required KB Items: installed_sw/Nucleus Net, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2021

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2021-31886, CVE-2021-31887, CVE-2021-31888

ICSA: 21-313-03