4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.1%
Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500413);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");
script_cve_id("CVE-2012-1814");
script_xref(name:"Secunia", value:"49210");
script_xref(name:"OSVDB", value:"81996");
script_name(english:"Emerson DeltaV Cross-site Scripting (CVE-2012-1814)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and
DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot
for more information.");
script_set_attribute(attribute:"see_also", value:"http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf");
script_set_attribute(attribute:"see_also", value:"http://secunia.com/advisories/49210");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/53591");
script_set_attribute(attribute:"see_also", value:"http://osvdb.org/81996");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1814");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(79);
script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2012/06/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emerson:deltav:10.3.1");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emerson:deltav:11.3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emerson:deltav:9.3.1");
script_set_attribute(attribute:"cpe", value:"cpe:/a:emerson:deltav:11.3.1");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Emerson");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Emerson');
var asset = tenable_ot::assets::get(vendor:'Emerson');
var vuln_cpes = {
"cpe:/a:emerson:deltav:10.3.1" :
{"versionEndIncluding" : "10.3.1", "versionStartIncluding" : "10.3.1", "family" : "DeltaV"},
"cpe:/a:emerson:deltav:11.3" :
{"versionEndIncluding" : "11.3", "versionStartIncluding" : "11.3", "family" : "DeltaV"},
"cpe:/a:emerson:deltav:9.3.1" :
{"versionEndIncluding" : "9.3.1", "versionStartIncluding" : "9.3.1", "family" : "DeltaV"},
"cpe:/a:emerson:deltav:11.3.1" :
{"versionEndIncluding" : "11.3.1", "versionStartIncluding" : "11.3.1", "family" : "DeltaV"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);