Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ABB_CVE-2024-1531.NASL
HistoryMay 02, 2024 - 12:00 a.m.

Hitachi Energy’s RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1531)

2024-05-0200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
rtu500 series
vulnerability
cve-2024-1531
file handling
memory content
ot asset
mitigation
firewall
security advisory

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502224);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");

  script_cve_id("CVE-2024-1531");

  script_name(english:"Hitachi Energy’s RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1531)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability exists in the stb-language file handling that affects
the RTU500 series product versions listed below. A malicious actor
could print random memory content in the RTU500 system log, if an
authorized user uploads a specially crafted stb-language file.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://publisher.hitachienergy.com/preview?DocumentId=8DBD000190&languageCode=en&Preview=true
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eea04659");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-24-116-01");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Hitachi Energy has released the following mitigations for CVE-2024-1531 and CVE-2024-1532:

- RTU500 series CMU Firmware Version 12.7.1 - 12.7.6: Update to CMU Firmware Version 12.7.7
- RTU500 series CMU Firmware Version 13.2.1 - 13.2.6: Update to CMU Firmware Version 13.2.7

Until the updates are made available, Hitachi Energy recommends the following general mitigation factors/workarounds for the products with RTU500 series CMU firmware Versions 12.0.1 - 12.0.14, 12.2.1 - 12.2.11, 12.4.1 - 12.4.11, 12.6.1 - 12.6.9, 13.4.1 - 13.4.4, and 13.5.1 - 13.5.3 to address the vulnerabilities CVE-2024-1531 and CVE-2024-1532:

- Recommended security practices and firewall configurations can help protect a process control network from attacks originating from outside the network including.
- Physically protect process control systems from direct access by unauthorized personnel.
- Do not allow process control systems direct connections to the Internet.
- Separate process control systems from other networks by means of a firewall system that has a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving emails.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

For more information, see Hitachi Energy's Security Advisories.");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1531");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(434);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hitachienergy:rtu500_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/ABB");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/ABB');

var asset = tenable_ot::assets::get(vendor:'ABB');

var vuln_cpes = {
    "cpe:/o:hitachienergy:rtu500_firmware:12.0" :
        {"versionEndExcluding" : "12.0.15", "versionStartIncluding" : "12.0.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:12.2" :
        {"versionEndExcluding" : "12.2.12", "versionStartIncluding" : "12.2.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:12.4" :
        {"versionEndExcluding" : "12.4.12", "versionStartIncluding" : "12.4.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:12.6" :
        {"versionEndExcluding" : "12.6.10", "versionStartIncluding" : "12.6.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:12.7" :
        {"versionEndExcluding" : "12.7.7", "versionStartIncluding" : "12.7.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:13.2" :
        {"versionEndExcluding" : "13.2.7", "versionStartIncluding" : "13.2.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:13.4" :
        {"versionEndExcluding" : "13.4.5", "versionStartIncluding" : "13.4.1", "family" : "AbbRTU500"},
    "cpe:/o:hitachienergy:rtu500_firmware:13.5" :
        {"versionEndExcluding" : "13.5.4", "versionStartIncluding" : "13.5.1", "family" : "AbbRTU500"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
hitachienergyrtu500_firmwarecpe:/o:hitachienergy:rtu500_firmware

Related

ics 1
nessus 1
nvd 2
cve 2
cvelist 2
ics
ics
Multiple Vulnerabilities in Hitachi Energy RTU500 Series
2024-04-25 12:00:00
nessus
nessus
Hitachi Energy’s RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1532)
2024-05-02 00:00:00
nvd
nvd
CVE-2024-1532
2024-03-27 03:15:10
CVE-2024-1531
2024-03-27 02:15:11
cve
cve
CVE-2024-1532
2024-03-27 03:15:10
CVE-2024-1531
2024-03-27 02:15:11
cvelist
cvelist
CVE-2024-1531
2024-03-27 01:45:44
CVE-2024-1532
2024-03-27 01:52:15

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for TENABLE_OT_ABB_CVE-2024-1531.NASL
ics1nessus1nvd2cve2cvelist2