Hirschmann HiOS Switches Improper Authentication (CVE-2021-27734)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502264);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/11");

  script_cve_id("CVE-2021-27734");

  script_name(english:"Hirschmann HiOS Switches Improper Authentication (CVE-2021-27734)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and
HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the
credentials of existing users.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=12914&mediaformatid=50063&destinationid=10016
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4917ec80");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27734");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/10");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_hios");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_hios:07.1.01");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hirschmann_hios:07.1.02");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:belden:hisecos");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Hirschmann");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Hirschmann');

var asset = tenable_ot::assets::get(vendor:'Hirschmann');

var vuln_cpes = {
    "cpe:/o:belden:hirschmann_hios" :
        {"versionEndExcluding" : "08.6.00", "versionStartIncluding" : "08.1.00", "family" : "Hirschmann"},
    "cpe:/o:belden:hisecos" :
        {"versionEndIncluding" : "03.5.01", "versionStartIncluding" : "03.3.00", "family" : "Hirschmann"},
    "cpe:/o:belden:hirschmann_hios:07.1.02" :
        {"versionEndIncluding" : "07.1.02", "versionStartIncluding" : "07.1.02", "family" : "Hirschmann"},
    "cpe:/o:belden:hirschmann_hios:07.1.01" :
        {"versionEndIncluding" : "07.1.01", "versionStartIncluding" : "07.1.01", "family" : "Hirschmann"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);