Mitsubishi Electric FA Products Use of Password Hash Instead of Password For Authentication (CVE-2022-25157)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500634);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-25157");

  script_name(english:"Mitsubishi Electric FA Products Use of Password Hash Instead of Password For Authentication (CVE-2022-25157)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series
FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote
unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password
hash.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more
information.");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU96577897/index.html");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b01f6da0");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-04");
  script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploitation of
these vulnerabilities:

- When communicating via untrusted networks or hosts, encrypt the communication path by setting up a VPN.

- Use firewalls or IP filter function to restrict connections to the products and prevent access from untrusted networks
or hosts. For details on IP filter function, refer to the following product manual:
    - “12.1 IP Filter Function” in the MELSEC iQ-F FX 5 User’s Manual (Ethernet Communication)
    - "IP filter" of "1.13 Security" in the MELSEC iQ-R Ethernet User\'s Manual (Application)
    - "IP Filter Function" of "6.2 Security Function" in the MELSEC iQ-R Motion Controller Programming Manual (Common)
    - "IP filter" of "1.4 Security" in the MELSEC iQ-R CC-Link IE TSN User\'s Manual (Application)
    - "IP filter" of "9.5 Security" in the MELSEC iQ-R CC-Link IE TSN Plus Master/Local Module User’s Manual
    - "14.3 IP Filter Function" in the Q Corresponding Ethernet Interface Module User\'s Manual (Basic)
    - "14.3 IP Filter Function" in the MELSEC-L Ethernet Interface Module User\'s Manual (Basic)

For more information see Mitsubishi Electric’s advisory 2021-031');
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-25157");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(916);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uc_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:fx5uj_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Mitsubishi');

var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

var vuln_cpes = {
    "cpe:/o:mitsubishielectric:fx5uc_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mr%2fds-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fd_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-24mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-40mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mr%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fes_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj-60mt%2fess_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fdss-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uc-32mt%2fds-ts_firmware:-" :
        {"family" : "MELSECiQF"},
    "cpe:/o:mitsubishielectric:fx5uj_firmware:-" :
        {"family" : "MELSECiQF"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);