Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ABB_CVE-2022-2081.NASL
HistoryJan 17, 2024 - 12:00 a.m.

Hitachi Energy RTU500 Stack-Based Buffer Overflow (CVE-2022-2081)

2024-01-1700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
vulnerability
rtu500
modbus tcp
stack-based buffer overflow
exploit
flood control
reboot
tenable.ot
scanner

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501889);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-2081");

  script_name(english:"Hitachi Energy RTU500 Stack-Based Buffer Overflow (CVE-2022-2081)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability exists in the HCI Modbus TCP function included in the
product versions listed above. If the HCI Modbus TCP is enabled and
configured, an attacker could exploit the vulnerability by sending a
specially crafted message to the RTU500 in a high rate, causing the
targeted RTU500 CMU to reboot. The vulnerability is caused by a lack
of flood control which eventually if exploited causes an internal
stack overflow in the HCI Modbus TCP function.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd0eebd9");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-235-07");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Hitachi Energy recommends updating to the following firmware versions:

- Update to RTU500 series CMU Firmware version 12.0.14.0 or higher.
- Update to RTU500 series CMU Firmware version 12.2.12.0 or higher.
- Update to RTU500 series CMU Firmware version 12.4.12.0 or higher.
- Update to RTU500 series CMU Firmware version 12.6.8.0 or higher.
- Update to RTU500 series CMU Firmware version 12.7.4.0 or higher.
- Update to RTU500 series CMU Firmware version 13.2.5.0 or higher.
- Update to RTU500 series CMU Firmware version 13.3.2.0 or higher.

Users should see Hitachi Energy advisory 8DBD000111 for additional mitigation and update information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2081");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(120, 787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:rtu520_firmware:12");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:rtu520_firmware:13");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:rtu520_firmware:13.3.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:hitachienergy:rtu520_firmware:12.0" :
        {"versionEndIncluding" : "12.0.13", "versionStartIncluding" : "12.0.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:12.2" :
        {"versionEndIncluding" : "12.2.11", "versionStartIncluding" : "12.2.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:12.4" :
        {"versionEndIncluding" : "12.4.11", "versionStartIncluding" : "12.4.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:12.6" :
        {"versionEndIncluding" : "12.6.7", "versionStartIncluding" : "12.6.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:12.7" :
        {"versionEndIncluding" : "12.7.3", "versionStartIncluding" : "12.7.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:13" :
        {"versionEndIncluding" : "13.2.4", "versionStartIncluding" : "13.2.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu520_firmware:13.3.1" :
        {"versionEndIncluding" : "13.3.1", "versionStartIncluding" : "13.3.1", "family" : "AbbRTU500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
hitachienergyrtu520_firmware12cpe:/o:hitachienergy:rtu520_firmware:12
hitachienergyrtu520_firmware13cpe:/o:hitachienergy:rtu520_firmware:13
hitachienergyrtu520_firmware13.3.1cpe:/o:hitachienergy:rtu520_firmware:13.3.1

Related

cve 1
cvelist 1
prion 1
ics 1
nvd 1
cve
cve
CVE-2022-2081
2024-01-04 10:15:10
cvelist
cvelist
CVE-2022-2081
2024-01-04 09:15:30
prion
prion
Stack overflow
2024-01-04 10:15:00
ics
ics
Hitachi Energy RTU500
2022-08-23 12:00:00
nvd
nvd
CVE-2022-2081
2024-01-04 10:15:10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for TENABLE_OT_ABB_CVE-2022-2081.NASL
cve1cvelist1prion1ics1nvd1