ABB System 800xA Base Incorrect Permission Assignment For Critical Resource (CVE-2020-8474)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500948);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2020-8474");

  script_name(english:"ABB System 800xA Base Incorrect Permission Assignment For Critical Resource (CVE-2020-8474)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Weak Registry permissions in ABB System 800xA Base allow low
privileged users to read and modify registry settings related to
control system functionality, allowing an authenticated attacker to
cause system functions to stop or malfunction.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f544369b");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

ABB recommends changing any user account passwords suspected to be known by an unauthorized person. Interactive logon
(both local and remote) is recommended to be disabled for the service account.

This vulnerability is corrected in System 800xA Base 6.1

This vulnerability is planned to be corrected in the next release on the 6.0.3 LTS track after 6.0.3.3

Please note this vulnerability can only be exploited by authenticated users, so users are recommended to ensure only
authorized persons have access to user accounts in System 800xA.

For more information please refer to ABB’s Cybersecurity Advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8474");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(269);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:abb:800xa_base_system");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/a:abb:800xa_base_system" :
        {"versionEndIncluding" : "6.0.0", "family" : "Abb800xA"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);