Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_EMERSON_CVE-2022-29965.NASLHistoryAug 04, 2022 - 12:00 a.m.
Emerson DeltaV Distributed Control System Use of a Broken or Risky Cryptographic Algorithm (CVE-2022-29965)
2022-08-0400:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
5.8 Medium
AI Score
Confidence
High
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
- The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. (CVE-2022-29965)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500698);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");
script_cve_id("CVE-2022-29965");
script_name(english:"Emerson DeltaV Distributed Control System Use of a Broken or Risky Cryptographic Algorithm (CVE-2022-29965)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access
to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is
controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using
a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed
through a lookup table and a series of permutation operations resulting in three different four-character passwords
corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to
privileged maintenance operations. NOTE: this is different from CVE-2014-2350.
- The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse
passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series
and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated
using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute
timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of
permutation operations resulting in three different four-character passwords corresponding to different
privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged
maintenance operations. NOTE: this is different from CVE-2014-2350. (CVE-2022-29965)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.forescout.com/blog/");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Emerson has provided the following mitigations or workarounds:
Emerson has corrected CVE-2022-29965 in all currently supported versions of DeltaV. For additional mitigations and
preventative measures, please see the Emerson Guardian Support Portal (login required).
Emerson has mitigated CVE-2022-29962, CVE-2022-29963, and CVE-2022-29964 in all currently supported versions of DeltaV.
Please see the Emerson Guardian Support Portal (login required) for more information.
Emerson corrected the Firmware image verification vulnerability in Version 14.3 and mitigated it in all other versions.
Please see the Emerson Guardian Support Portal (login required) for more information.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29965");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(327);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/26");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Emerson");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Emerson');
var asset = tenable_ot::assets::get(vendor:'Emerson');
var vuln_cpes = {
"cpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware" :
{"versionEndIncluding" : "2022-04-29", "family" : "SSeries"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emerson | deltav_distributed_control_system_sq_controller_firmware | cpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware |
Related
nessus
nessus
prion
prion
Hardcoded credentials
2022-07-26 22:15:00
Code injection
2022-07-26 22:15:00
Hardcoded credentials
2022-07-26 22:15:00
cvelist
cvelist
cve
cve
ics
ics
Emerson DeltaV Distributed Control System
2022-07-14 12:00:00
Emerson DeltaV Vulnerabilities
2018-09-06 12:00:00
ptsecurity
ptsecurity
PT-2013-91: Hard-Coded Access Credentials in Emerson DeltaV
2013-03-10 00:00:00