nessus
TENABLE_OT_ABB_CVE-2021-27196.NASL
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Feb 07, 2022 - 12:00 a.m.

Hitachi Energy Relion 670, 650 and SAM600-IO Improper Input Validation (CVE-2021-27196)

Tags: hitachi abb power grids, relion 670 series, relion 650, sam600-io, improper input validation, cve-2021-27196, iec 61850, reb500, rtu500 series, fox615, msm, gms600, pwc600, tenable.ot

CVSS2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL

CVSS3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH

EPSS: 0.009
Percentile: 82.5%

Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces.

This issue affects:

- Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2.
- Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13.
- Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6.
- Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7.
- Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3.
- Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions.
- Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions.
- Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0.
- Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions.
- Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500566);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2021-27196");

  script_name(english:"Hitachi Energy Relion 670, 650 and SAM600-IO Improper Input Validation (CVE-2021-27196)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Hitachi ABB Power Grids
Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO,
Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600
allows an attacker with access to the IEC 61850 network with knowledge
of how to reproduce the attack, as well as the IP addresses of the
different IEC 61850 access points (of IEDs/products), to force the
device to reboot, which renders the device inoperable for
approximately 60 seconds. This vulnerability affects only products
with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids
Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions
prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3
versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650
Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids
Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB
Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7.
Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi
ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x
version 8.x and prior versions; 9.x version 9.x and prior versions;
10.x version 10.x and prior versions; 11.x version 11.x and prior
versions; 12.x version 12.x and prior versions. Hitachi ABB Power
Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi
ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power
Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power
Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to
1.1.0.1.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8934&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e88a4149");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9059&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?24dbfef8");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8936&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9ecdc09");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9057&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57a20c50");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8937&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59f45d28");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A9058&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca5d1c3f");
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A8932&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5c70771");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-096-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Hitachi Energy recommends users apply relevant updates at their earliest convenience. Users should contact Hitachi
Energy to acquire firmware for a specific product version. Hitachi Energy has created the new versions to address this
vulnerability:

- Relion 670 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 670 series version 1.2.3: Fixed in revision 670 1.2.3.20
- Relion 670 series version 2.0: Fixed in revision 670 2.0.0.13
- Relion 670 series version 2.1: Fixed in revision 670 2.1.0.5
- Relion 670/650 series version 2.2.0: Fixed in revision 670 2.2.0.13
- Relion 670/650/SAM600-IO series version 2.2.1: Fixed in revision 670 2.2.1.6
- Relion 670 series version 2.2.2: Fixed in revision 670 2.2.2.3
- Relion 670 series version 2.2.3: Fixed in revision 670 2.2.3.2
- Relion 650 series version 1.1: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to the latest product version.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.2: Follow recommendation as listed in the Hitachi Energy advisory 9AKK107991A8932
mitigation section or upgrade to product version 1.3.
- For upgrades, contact your local Hitachi Energy associates.
- Relion 650 series version 1.3: Fixed in revision 650 1.3.0.7

Hitachi Energy recommends the following security practices and firewall configurations to help protect a process control
network from attacks originating outside the network:

- Physically protect process control systems from unauthorized direct access.
- Do not directly connect control systems networks to the internet.
- Separate process control systems from other networks using a firewall system with a minimal number of open ports.
- Do not use process control systems for internet surfing, instant messaging, or email.
- Carefully scan portable computers and removable storage media prior to connecting to a control system for malware.
- Ensure that only authorized personnel have access to the system configuration files.

More information on recommended practices can be found in the cybersecurity deployment guidelines for each product
version.

For more information, see Hitachi Energy advisory 9AKK107991A8932.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27196");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:reb500_firmware:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:reb500_firmware:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:1.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_650_firmware:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:1.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_670_firmware:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:relion_sam600-io_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:hitachienergy:relion_670_firmware:1.2.3" :
        {"versionEndExcluding" : "1.2.3.20", "versionStartIncluding" : "1.2.3", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.0" :
        {"versionEndExcluding" : "2.0.0.13", "versionStartIncluding" : "2.0", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.0" :
        {"versionEndExcluding" : "2.2.0.13", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.1" :
        {"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.2" :
        {"versionEndExcluding" : "2.2.2.3", "versionStartIncluding" : "2.2.2", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.2.3" :
        {"versionEndExcluding" : "2.2.3.2", "versionStartIncluding" : "2.2.3", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:1.1" :
        {"versionEndIncluding" : "1.1", "versionStartIncluding" : "1.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_670_firmware:2.1" :
        {"versionEndIncluding" : "2.1", "versionStartIncluding" : "2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:1.3" :
        {"versionEndExcluding" : "1.3.0.7", "versionStartIncluding" : "1.3", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.2.0" :
        {"versionEndExcluding" : "2.2.0.13", "versionStartIncluding" : "2.2.0", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.2.1" :
        {"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:1.1" :
        {"versionEndIncluding" : "1.1", "versionStartIncluding" : "1.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:1.2" :
        {"versionEndIncluding" : "1.2", "versionStartIncluding" : "1.2", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_650_firmware:2.1" :
        {"versionEndIncluding" : "2.1", "versionStartIncluding" : "2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:relion_sam600-io_firmware:2.2.1" :
        {"versionEndExcluding" : "2.2.1.6", "versionStartIncluding" : "2.2.1", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:reb500_firmware:7.3" :
        {"versionEndExcluding" : "7.60.19", "versionStartIncluding" : "7.3", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:reb500_firmware:8.2" :
        {"versionEndExcluding" : "8.2.0.5", "versionStartIncluding" : "8.2", "family" : "AbbRelion"},
    "cpe:/o:hitachienergy:reb500_firmware:8.3" :
        {"versionEndIncluding" : "8.3.1.0", "versionStartIncluding" : "8.3", "family" : "AbbRelion"},
    "cpe:/o:abb:rtu500_firmware:7.0" :
        {"versionEndExcluding" : "13.0", "versionStartIncluding" : "7.0", "family" : "AbbRTU500"},
    "cpe:/o:abb:fox615_tego1_firmware" :
        {"versionEndExcluding" : "r2a16", "family" : "AbbFox"},
    "cpe:/o:abb:pm876_firmware" :
        {"versionEndExcluding" : "2.37", "family" : "MelodyRack"},
    "cpe:/o:abb:pm876-1_firmware" :
        {"versionEndExcluding" : "2.37", "family" : "MelodyRack"},
    "cpe:/o:abb:ci850_firmware" :
        {"versionEndExcluding" : "a_3", "family" : "SDSeries"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Vendor         Product              Version  CPE
hitachienergy  reb500_firmware      7        cpe:/o:hitachienergy:reb500_firmware:7
hitachienergy  reb500_firmware      8        cpe:/o:hitachienergy:reb500_firmware:8
hitachienergy  relion_650_firmware  1        cpe:/o:hitachienergy:relion_650_firmware:1
hitachienergy  relion_650_firmware  1.1      cpe:/o:hitachienergy:relion_650_firmware:1.1
hitachienergy  relion_650_firmware  1.2      cpe:/o:hitachienergy:relion_650_firmware:1.2
hitachienergy  relion_650_firmware  2        cpe:/o:hitachienergy:relion_650_firmware:2
hitachienergy  relion_650_firmware  2.1      cpe:/o:hitachienergy:relion_650_firmware:2.1
hitachienergy  relion_670_firmware  1        cpe:/o:hitachienergy:relion_670_firmware:1
hitachienergy  relion_670_firmware  1.1      cpe:/o:hitachienergy:relion_670_firmware:1.1
hitachienergy  relion_670_firmware  2        cpe:/o:hitachienergy:relion_670_firmware:2

Rows 1-10 of 121
