Rockwell Studio 5000 Logix Designer < V34 Code Hiding

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(198230);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id("CVE-2022-1159");
  script_xref(name:"ICSA", value:"22-090-07");
  script_xref(name:"IAVB", value:"2024-B-0067");

  script_name(english:"Rockwell Studio 5000 Logix Designer < V34 Code Hiding");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Windows host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Rockwell Studio 5000 Logix Designer installed on the remote Windows host is prior to V34. It is, therefore, affected by a
vulnerability.

  - An attacker who achieves administrator access on a workstation running
    Studio 5000 Logix Designer could inject controller code undetectable to a
    user. (CVE-2022-1159)

This plugin requires paranoia because it cannot test for all mitigations.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-090-07");
  # https://claroty.com/team82/research/hiding-code-on-rockwell-automation-plcs
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7c944bfe");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Rockwell Studio 5000 Logix Designer to V34 or later and refer to vendor advisory for additional
mitigations. Note that upgrading does not directly address the issue, but Rockwell notes additional steps
you can take to mitigate the issue, including upgrading the controller firmware and utilizing compare tools
to ensure the integrity of your programs.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1159");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rockwellautomation:studio_5000_logix_designer");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SCADA");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("rockwell_studio_5000_logix_designer_win_installed.nbin");
  script_require_keys("installed_sw/Rockwell Studio 5000 Logix Designer");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Rockwell Studio 5000 Logix Designer', win_local:TRUE);

var constraints = [
  {'fixed_version' : '34.0', 'fixed_display': 'V34' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, require_paranoia:TRUE);