Tridium Niagara AX Path Traversal (CVE-2012-4701)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500889);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id("CVE-2012-4701");

  script_name(english:"Tridium Niagara AX Path Traversal (CVE-2012-4701)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and
3.7 allows remote attackers to read sensitive files, and consequently
execute arbitrary code, by leveraging (1) valid credentials or (2) the
guest feature.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf");
  # https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbd68f72");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4701");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(22);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.7");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/assetBag');

var asset = tenable_ot::assets::get(hasAssetBag:TRUE);

var vuln_cpes = {
    "cpe:/a:tridium:niagara_ax_framework:3.5" :
        {"versionEndIncluding" : "3.5.39.1", "versionStartIncluding" : "3.5", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework:3.6" :
        {"versionEndIncluding" : "3.6.47.1", "versionStartIncluding" : "3.6", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework:3.7" :
        {"versionEndIncluding" : "3.7.46.3", "versionStartIncluding" : "3.7", "family" : "Niagara"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);