In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(500892);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
  script_cve_id("CVE-2018-18985");
  script_name(english:"Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)");
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"In Tridium Niagara Enterprise Security 2.3u1, all versions prior to
2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara
4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all
versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has
been identified that may allow a remote attacker to inject code to
some web pages affecting confidentiality.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/106530");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Tridium recommends that affected users upgrade to the latest versions of the software (login required).
- Niagara Enterprise Security 2.3u1 Version 2.3.118.6: https://software.niagara-central.com/ord?portal:/download/6284
- Niagara AX 3.8u4 Version 3.8.401.1: https://software.niagara-central.com/ord?portal:/download/6276
- Niagara 4.4u2 Version 4.4.93.40.2: https://software.niagara-central.com/ord?portal:/download/6268
- Niagara 4.6 Version 4.6.96.28.4: https://software.niagara-central.com/ord?portal:/download/6281
For more information please see Tridium's security bulletin SB 2018-Tridium-2 at:
https://www.tridium.com/~/media/tridium/library/documents/collateral/technical%20bulletins/update%20your%20niagara%20software%20-%20fixes%20cross-site%20scripting%20vulnerability_2018-11.ashx?la=en
NCCIC and Tridium recommend users take defensive measures to minimize the risk of exploitation of this vulnerability.
Specifically, users should:
- Review and validate the list of users who are authorized and who can authenticate to Niagara.
- Allow only trained and trusted persons to have physical access to the system, including devices that have connection
to the system through the Ethernet port.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote
connections into the network where the system is located.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18985");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4.4u2");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.8u4");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");
  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");
  exit(0);
}
include('tenable_ot_cve_funcs.inc');

# Stop here unless the Tenable.ot integration stored an asset bag for this host.
get_kb_item_or_exit('Tenable.ot/assetBag');
var asset = tenable_ot::assets::get(hasAssetBag:TRUE);

# Affected CPEs, each with the version bounds that mark an asset as vulnerable.
var vuln_cpes = {
    "cpe:/a:tridium:niagara:4" :
        {"versionEndExcluding" : "4.4.93.40.2", "family" : "Niagara"},
    "cpe:/a:tridium:niagara:4.4u2" :
        {"versionEndIncluding" : "4.4u2", "versionStartIncluding" : "4.4u2", "family" : "Niagara"},
    "cpe:/a:tridium:niagara:4.6" :
        {"versionEndExcluding" : "4.6.96.28.4", "versionStartIncluding" : "4.6", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework:3.8u4" :
        {"versionEndIncluding" : "3.8u4", "versionStartIncluding" : "3.8u4", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework" :
        {"versionEndExcluding" : "3.8.401.1", "family" : "Niagara"},
};

# Check the asset against the CPE table above and report a finding on a match.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);