nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ABB_CVE-2022-0902.NASL
HistoryNov 10, 2022 - 12:00 a.m.

ABB RMC Path Traversal (CVE-2022-0902)

2022-11-10 00:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
103
path traversal
command injection
abb rmc
vulnerability
flow computer
remote controller

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.0%

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits it to insert and run arbitrary code in an affected system node.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

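# Plugin registration block. It runs only when `description` is set, records
# the plugin's metadata (identifiers, advisory text, scoring, affected CPEs,
# dependencies) and then exits so that the detection logic further down is not
# executed during the registration pass.
if (description)
{
  script_id(500708);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");

  script_cve_id("CVE-2022-0902");

  script_name(english:"ABB RMC Path Traversal (CVE-2022-0902)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal'), Improper Neutralization of Special Elements used in a
Command ('Command Injection') vulnerability in flow computer and
remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE,
XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully
exploited this vulnerability could insert and run arbitrary code in an
affected system node.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Vendor advisory (the see_also value below is a shortened link):
  # https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A0927&LanguageCode=en&DocumentPartId=&Action=Launch&_ga
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e52ff696");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");

  # Scoring: CVSS v2 and v3 base/temporal vectors, with the CVE named as the
  # source of the score. Both base vectors describe an unauthenticated,
  # network-reachable issue with full C/I/A impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0902");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # The description names two weakness classes: path traversal (CWE-22) and
  # command injection (CWE-77). List both so that reports filtered or grouped
  # by CWE do not miss the command-injection aspect of this finding.
  script_cwe_id(22, 77);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/10");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One firmware CPE per affected product family named in the description.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:rmc-100-lite_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:rmc-100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:udc_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:uflog5_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:xfcg5_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:xio_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:abb:xrcg5_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered as an information-gathering check in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check depends on the Tenable.ot API integration plugin and is only
  # scheduled when that integration has set the 'Tenable.ot/ABB' KB key.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  # End of the registration pass; nothing below this block runs here.
  exit(0);
}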


include('tenable_ot_cve_funcs.inc');

# Detection logic: a version comparison against asset data for ABB devices.
# Nothing in this section contacts the device directly; the asset record is
# obtained through tenable_ot::assets::get().
# NOTE(review): a finding is therefore only as accurate as the model name and
# firmware version held in that asset record - confirm against the device
# before acting on a positive or a negative result.

# Stop here unless the 'Tenable.ot/ABB' KB key is present.
get_kb_item_or_exit('Tenable.ot/ABB');

# Asset record for vendor 'ABB'; its structure is defined in the included
# tenable_ot helpers and is not visible in this file.
var asset = tenable_ot::assets::get(vendor:'ABB');

# Map of model-name strings to a version constraint. Several keys are spelling
# variants of the same product family so that differently formatted model
# names still match. Every entry carries the same "versionEndExcluding" value.
# NOTE(review): presumably firmware versions below 4.5.0.6 are reported and
# 4.5.0.6 itself is treated as fixed - confirm in tenable_ot_cve_funcs.inc.
# NOTE(review): whether key matching is case-sensitive is not visible here
# (the key 'UFLOG5' versus the product name 'uFLOG5' in the description) -
# verify against compare_and_report.
var vuln_models = {
    # RMC-100 various model names
    # RMC-100 fixed part number 2105457-037
    'RMC-100' :
        {"versionEndExcluding" : "4.5.0.6"},
    # RMC-100-LITE fixed part number 2106229-011
    'RMC-100-LITE' :
        {"versionEndExcluding" : "4.5.0.6"},
    'RMC-LT' :
        {"versionEndExcluding" : "4.5.0.6"},
    # XIO fixed part number 2106198-008
    'XIO' : 
        {"versionEndExcluding" : "4.5.0.6"},
    # XFCG5 fixed part number 2105805-016
    'XFCG5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'XFC G5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'G5 XFC' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'g5xfc' : 
        {"versionEndExcluding" : "4.5.0.6"},
    # XRCG5 fixed part number 2105864-016
    'XRCG5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'XRC G5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'G5 XRC' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'g5xrc' : 
        {"versionEndExcluding" : "4.5.0.6"},
    # uFLOG5 fixed part number 2105298-024
    'UFLOG5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'uFLO G5' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'G5 uFLO' : 
        {"versionEndExcluding" : "4.5.0.6"},
    'g5uflo' : 
        {"versionEndExcluding" : "4.5.0.6"},
    # UDC fixed part number 2106177-007, no clear mapping, assume the same as the others.
    # NOTE(review): the UDC threshold is an assumption by the plugin author, so
    # UDC results deserve a manual check against the vendor advisory.
    'UDC' : 
        {"versionEndExcluding" : "4.5.0.6"}
};


# Hand the asset and the model table to the shared helper, which performs the
# comparison and reports with severity SECURITY_HOLE.
tenable_ot::cve::compare_and_report(asset:asset, vuln_models:vuln_models, severity:SECURITY_HOLE);
