Beckhoff CX9020 Authentication Bypass (CVE-2020-20741)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500517);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");

  script_cve_id("CVE-2020-20741");

  script_name(english:"Beckhoff CX9020 Authentication Bypass (CVE-2020-20741)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version
CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the CE Remote Display Tool
as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.  

This plugin only
works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-006.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82938f14");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-20741");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:beckhoff:cx9020:6.02:build_4016.6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Beckhoff");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Beckhoff');

var asset = tenable_ot::assets::get(vendor:'Beckhoff');

var vuln_cpes = {
    "cpe:/h:beckhoff:cx9020:6.02:build_4016.6" :
        {"versionEndIncluding" : "6.02", "versionStartIncluding" : "6.02", "family" : "Beckhoff"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);