Honeywell Experion PKS and ACE Controllers Relative Path Traversal (CVE-2021-38399)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500792);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2021-38399");

  script_name(english:"Honeywell Experion PKS and ACE Controllers Relative Path Traversal (CVE-2021-38399)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Honeywell Experion PKS C200, C200E, C300, and ACE controllers are
vulnerable to relative path traversal, which may allow an attacker
access to unauthorized files and directories.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.honeywellprocess.com/library/support/notifications/Customer/SN2021-02-22-01-Experion-C300-CCL.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?04c83b01");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-21-278-04");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Honeywell recommends users follow all guidance in the Experion Network and Security Planning Guide to prevent attacks by
malicious actors.

Additional information can be found in Honeywell Support document SN2021-02-22-01.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38399");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(22);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c200_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c200e_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Honeywell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Honeywell');

var asset = tenable_ot::assets::get(vendor:'Honeywell');

var vuln_cpes = {
    "cpe:/o:honeywell:c200_controller_firmware:-" :
        {"family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c200e_controller_firmware:-" :
        {"family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_controller_firmware:-" :
        {"family" : "HoneywellExperion"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);