Tridium Niagara AX Path Traversal (CVE-2012-4027)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500894);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id("CVE-2012-4027");

  script_name(english:"Tridium Niagara AX Path Traversal (CVE-2012-4027)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Directory traversal vulnerability in Tridium Niagara AX Framework
allows remote attackers to read files outside of the intended images,
nav, and px folders by leveraging incorrect permissions, as
demonstrated by reading the config.bog file.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d7272d7a");
  # https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?53b5abf7");
  # https://web.archive.org/web/20201221191505/https://community.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_3.5_and_3.6_Security_Patches
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b0726e5");
  # https://web.archive.org/web/20130218162854/http://ics-cert.us-cert.gov/pdf/ICSA-12-228-01.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3e6155d6");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4027");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(264);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/assetBag');

var asset = tenable_ot::assets::get(hasAssetBag:TRUE);

var vuln_cpes = {
  "cpe:/a:tridium:niagara_ax_framework:3.5" :
      {"versionEndExcluding" : "3.5.39", "versionStartIncluding" : "3.5", "family" : "Niagara"},
  "cpe:/a:tridium:niagara_ax_framework:3.6" :
      {"versionEndExcluding" : "3.6.47", "versionStartIncluding" : "3.6", "family" : "Niagara"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);