nessus | This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_GENERIC_CVE-2018-18985.NASL
HistoryMar 21, 2023 - 12:00 a.m.

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)

2023-03-21 00:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
tridium
niagara 4
niagara ax
security vulnerability
remote attacker
cross-site scripting
confidentiality
tenable.ot
ics-cert
upgrade
cybersecurity
users
authentication
physical access
remote connections

0.001 Low

EPSS

Percentile

23.5%

In Tridium Niagara Enterprise Security 2.3u1 (all versions prior to 2.3.118.6), Niagara AX 3.8u4 (all versions prior to 3.8.401.1), Niagara 4.4u2 (all versions prior to 4.4.93.40.2), and Niagara 4.6 (all versions prior to 4.6.96.28.4), a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code into some web pages, affecting confidentiality.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin registration block. When the engine loads the script with `description`
# set, only this block runs: it registers the plugin id, CVE, advisory text,
# CVSS vectors, CPEs and scheduling requirements, then exits before any of the
# detection statements further down the file are reached.
if (description)
{
  script_id(500892);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2018-18985");

  script_name(english:"Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)");

  # Synopsis and description are the text shown in scan results. The description
  # names four affected product lines and their fixed builds.
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Tridium Niagara Enterprise Security 2.3u1, all versions prior to
2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara
4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all
versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has
been identified that may allow a remote attacker to inject code to
some web pages affecting confidentiality.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References: a SecurityFocus BID entry and the ICS-CERT advisory ICSA-18-333-02.
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/106530");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02");
  # NOTE(review): the solution string below is emitted verbatim in reports. It has
  # sentences and download URLs run together without separators, a mis-encoded
  # apostrophe after "Tridium", and the security-bulletin URL is wrapped across
  # two lines inside the string, so it cannot be followed as pasted. Readers
  # should take the fixed versions from the text and fetch the bulletin from the
  # vendor directly.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Tridium recommends that affected users upgrade to the latest versions of the software (login required).Niagara
Enterprise security 2.3u1 Version 2.3.118.6:https://software.niagara-central.com/ord?portal:/download/6284Niagara AX
3.8u4 Version 3.8.401.1:https://software.niagara-central.com/ord?portal:/download/6276Niagara 4.4u2 Version
4.4.93.40.2:https://software.niagara-central.com/ord?portal:/download/6268Niagara 4.6 Version
4.6.96.28.4:https://software.niagara-central.com/ord?portal:/download/6281For more information please see TridiumҀ™s
security bulletin SB 2018-Tridium-2 at:https://www.tridium.com/~/media/tridium/library/documents/collateral/technical%20
bulletins/update%20your%20niagara%20software%20-%20fixes%20cross-site%20scripting%20vulnerability_2018-11.ashx?la=en

NCCIC and Tridium recommend users take defensive measures to minimize the risk of exploitation of this vulnerability.
Specifically, users should:

- Review and validate the list of users who are authorized and who can authenticate to Niagara.
- Allow only trained and trusted persons to have physical access to the system, including devices that have connection
to the system though the Ethernet port.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote
connections into the network where the system is located.");
  # CVSS v2 base: network vector, medium complexity, single authentication,
  # partial integrity impact only (C:N). CVSS v3.0 base: network vector, low
  # complexity, low privileges, user interaction required, changed scope, low
  # confidentiality and integrity impact.
  # NOTE(review): the v2 vector records no confidentiality impact while the
  # description text and the v3 vector both do; triage on the v3 vector.
  # Temporal metrics in both versions: exploit unproven, official fix available,
  # report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18985");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  # CWE-79: improper neutralization of input during web page generation (XSS).
  script_cwe_id(79);

  # NOTE(review): vulnerability and patch dates are both 2019/01/29, although the
  # advisory id ICSA-18-333-02 suggests a 2018 advisory; presumably these follow
  # the CVE record's publication date - confirm before using them for SLA clocks.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Four CPEs are registered as metadata. The detection map later in this file
  # additionally matches cpe:/a:tridium:niagara:4.6, which is not listed here.
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4.4u2");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.8u4");
  # The meaning of the "former" value is not visible in this file.
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered as an information-gathering plugin in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: run after the Tenable.ot API integration plugin, and only when
  # the 'Tenable.ot/assetBag' KB key has been set.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the 'Tenable.ot/assetBag' KB item is present.
get_kb_item_or_exit('Tenable.ot/assetBag');

# Asset record to evaluate. The helper comes from the Tenable.ot include files
# (not shown on this page); presumably it returns the asset under scan - confirm.
var ot_asset = tenable_ot::assets::get(hasAssetBag:TRUE);

# Map of CPE -> version bounds handed to the comparison helper.
#  - The result is a version/CPE match against inventory data, not a probe of
#    the web interface, so a finding means "version in affected range".
#  - "niagara:4" and "niagara_ax_framework" carry only an upper bound; the
#    "4.4u2" and "3.8u4" entries pin start and end to that single version label.
#  - NOTE(review): the advisory text also lists Niagara Enterprise Security
#    2.3u1, but no entry here names that product; coverage for it appears to
#    depend on how the asset's CPE is reported - verify against inventory.
var affected_cpes = {
    "cpe:/a:tridium:niagara:4" : {
        "versionEndExcluding" : "4.4.93.40.2",
        "family" : "Niagara"
    },
    "cpe:/a:tridium:niagara:4.4u2" : {
        "versionEndIncluding" : "4.4u2",
        "versionStartIncluding" : "4.4u2",
        "family" : "Niagara"
    },
    "cpe:/a:tridium:niagara:4.6" : {
        "versionEndExcluding" : "4.6.96.28.4",
        "versionStartIncluding" : "4.6",
        "family" : "Niagara"
    },
    "cpe:/a:tridium:niagara_ax_framework:3.8u4" : {
        "versionEndIncluding" : "3.8u4",
        "versionStartIncluding" : "3.8u4",
        "family" : "Niagara"
    },
    "cpe:/a:tridium:niagara_ax_framework" : {
        "versionEndExcluding" : "3.8.401.1",
        "family" : "Niagara"
    }
};

# Compare the asset against the map and report a match.
# NOTE(review): the severity argument is SECURITY_NOTE while the description
# block registers CVSS vectors with non-zero impact; confirm which of the two
# drives the severity shown to the analyst.
tenable_ot::cve::compare_and_report(asset:ot_asset, cpes:affected_cpes, severity:SECURITY_NOTE);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| tridium | niagara | 4 | cpe:/a:tridium:niagara:4 |
| tridium | niagara | 4.4u2 | cpe:/a:tridium:niagara:4.4u2 |
| tridium | niagara_ax_framework | - | cpe:/a:tridium:niagara_ax_framework |
| tridium | niagara_ax_framework | 3.8u4 | cpe:/a:tridium:niagara_ax_framework:3.8u4 |

0.001 Low

EPSS

Percentile

23.5%
