According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing asister site to deny service to all siblings.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	6/30/2023	7/6/2023	critical
501082	Siemens SCALANCE XCM332 Improper Validation of Syntactic Correctness of Input (CVE-2022-35252)	Tenable OT Security	Tenable.ot	5/2/2023	3/10/2025	low

Detections

Analytics

Plugins Search

critical

low