Honeywell Experion PKS, LX and PlantCruise Uncontrolled Resource Consumption (CVE-2023-26597)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501612);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2023-26597");
  script_xref(name:"ICSA", value:"23-194-06");

  script_name(english:"Honeywell Experion PKS, LX and PlantCruise Uncontrolled Resource Consumption (CVE-2023-26597)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Controller DoS due to buffer overflow in the handling of a specially
crafted message received by the controller.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://process.honeywell.com");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Honeywell recommends users upgrade Experion Platforms to version R520.2. Download information includes the following:

- Product: Experion PKS, LX, & PlantCruise
- Version: R520.2
- For instructions on this process: 
    - Go to the Honeywell Website and sign in.
    - Select “Support” at the top of the web page.
    - Select “Product Documents & Downloads.”
    - In the given search box, search for: “Experion PKS R520.2”, “Experion LX R520.2” or “Experion PlantCruise R520.2”
and select the hyperlink for the given Experion platform.

Honeywell advises users to follow security best practices for Experion platform environments to ensure access is limited
to authorized users only. Users should ensure the backup files are maintained in a network location or physical drive
with access limited to authorized users only and should not share them.

Honeywell Security Notifications are available on the Honeywell website. For access, users should visit the Honeywell
website and sign in, select the search icon at the top of the web page, and search for “SN2023-06-22”.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-26597");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:501");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:510");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:511");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:520");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Honeywell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Honeywell');

var asset = tenable_ot::assets::get(vendor:'Honeywell');

var vuln_cpes = {
    "cpe:/o:honeywell:c300_firmware:501" :
        {"versionEndIncluding" : "501.6hf8", "versionStartIncluding" : "501.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:510" :
        {"versionEndIncluding" : "510.2hf12", "versionStartIncluding" : "510.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:511" :
        {"versionEndIncluding" : "511.5tcu3", "versionStartIncluding" : "511.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:520" :
        {"versionEndIncluding" : "520.1tcu4", "versionStartIncluding" : "520.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:520" :
        {"versionEndIncluding" : "520.2tcu2", "versionStartIncluding" : "520.2", "family" : "HoneywellExperion"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);