Lucene search

K
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_EMERSON_CVE-2022-30260.NASL
HistoryJan 05, 2023 - 12:00 a.m.

Emerson DeltaV Distributed Control System Insufficient Verification of Data Authenticity (CVE-2022-30260)

2023-01-0500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500725);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-30260");

  script_name(english:"Emerson DeltaV Distributed Control System Insufficient Verification of Data Authenticity (CVE-2022-30260)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Emerson DeltaV Distributed Control System (DCS) has insufficient
verification of firmware integrity (an inadequate checksum approach,
and no signature). This affects versions before 14.3 of DeltaV
M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV
CIOC/EIOC/WIOC IO cards.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.forescout.com/blog/");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Emerson has provided the following mitigations or workarounds:

Emerson has corrected CVE-2022-29965 in all currently supported versions of DeltaV. For additional mitigations and
preventative measures, please see the Emerson Guardian Support Portal (login required).

Emerson has mitigated CVE-2022-29962, CVE-2022-29963, and CVE-2022-29964 in all currently supported versions of DeltaV.
Please see the Emerson Guardian Support Portal (login required) for more information.

Emerson corrected the Firmware image verification vulnerability in Version 14.3 and mitigated it in all other versions.
Please see the Emerson Guardian Support Portal (login required) for more information.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-30260");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(345);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Emerson");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Emerson');

var asset = tenable_ot::assets::get(vendor:'Emerson');

var vuln_cpes = {
    "cpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware" :
        {"versionEndExcluding" : "14.3", "family" : "SSeries"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
emersondeltav_distributed_control_system_sq_controller_firmwarecpe:/o:emerson:deltav_distributed_control_system_sq_controller_firmware

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

Related for TENABLE_OT_EMERSON_CVE-2022-30260.NASL