Lucene search

K

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)

πŸ—“οΈΒ 21 Mar 2023Β 00:00:00Reported byΒ This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 5Β Views

Tridium Niagara 4, AX, and Enterprise Security vulnerability (CVE-2018-18985

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
NVD
CVE-2018-18985
29 Jan 201916:29
–nvd
Prion
Cross site scripting
29 Jan 201916:29
–prion
CVE
CVE-2018-18985
29 Jan 201916:29
–cve
Tenable Nessus
Tridium Niagara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
10 Aug 202000:00
–nessus
Cvelist
CVE-2018-18985
29 Jan 201916:00
–cvelist
ICS
Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4
10 Jan 201912:00
–ics
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500892);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2018-18985");

  script_name(english:"Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Tridium Niagara Enterprise Security 2.3u1, all versions prior to
2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara
4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all
versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has
been identified that may allow a remote attacker to inject code to
some web pages affecting confidentiality.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/106530");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-18-333-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Tridium recommends that affected users upgrade to the latest versions of the software (login required).Niagara
Enterprise security 2.3u1 Version 2.3.118.6:https://software.niagara-central.com/ord?portal:/download/6284Niagara AX
3.8u4 Version 3.8.401.1:https://software.niagara-central.com/ord?portal:/download/6276Niagara 4.4u2 Version
4.4.93.40.2:https://software.niagara-central.com/ord?portal:/download/6268Niagara 4.6 Version
4.6.96.28.4:https://software.niagara-central.com/ord?portal:/download/6281For more information please see TridiumҀ™s
security bulletin SB 2018-Tridium-2 at:https://www.tridium.com/~/media/tridium/library/documents/collateral/technical%20
bulletins/update%20your%20niagara%20software%20-%20fixes%20cross-site%20scripting%20vulnerability_2018-11.ashx?la=en

NCCIC and Tridium recommend users take defensive measures to minimize the risk of exploitation of this vulnerability.
Specifically, users should:

- Review and validate the list of users who are authorized and who can authenticate to Niagara.
- Allow only trained and trusted persons to have physical access to the system, including devices that have connection
to the system though the Ethernet port.
- If remote connections to the network are required, consider using a VPN or other means to ensure secure remote
connections into the network where the system is located.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18985");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara:4.4u2");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:tridium:niagara_ax_framework:3.8u4");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/assetBag");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/assetBag');

var asset = tenable_ot::assets::get(hasAssetBag:TRUE);

var vuln_cpes = {
    "cpe:/a:tridium:niagara:4" :
        {"versionEndExcluding" : "4.4.93.40.2", "family" : "Niagara"},
    "cpe:/a:tridium:niagara:4.4u2" :
        {"versionEndIncluding" : "4.4u2", "versionStartIncluding" : "4.4u2", "family" : "Niagara"},
    "cpe:/a:tridium:niagara:4.6" :
        {"versionEndExcluding" : "4.6.96.28.4", "versionStartIncluding" : "4.6", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework:3.8u4" :
        {"versionEndIncluding" : "3.8u4", "versionStartIncluding" : "3.8u4", "family" : "Niagara"},
    "cpe:/a:tridium:niagara_ax_framework" :
        {"versionEndExcluding" : "3.8.401.1", "family" : "Niagara"},
    
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo