Source: nessus. This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof. Plugin file: TENABLE_OT_MITSUBISHI_CVE-2022-40265.NASL
History: Dec 06, 2022 - 12:00 a.m.

Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)

2022-12-06 00:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

  • Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery. (CVE-2022-40265)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration block: when `description` is true the script only records the
# metadata below and leaves through the exit(0) at the end of the block, so
# none of the detection code after the block runs in that mode.
if (description)
{
  script_id(500712);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-40265");

  script_name(english:"Mitsubishi Electric MELSEC iQ-R Series Improper Input Validation (CVE-2022-40265)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # Advisory text: unauthenticated remote denial of service against firmware
  # version 65 and prior; recovery needs a system reset.
  script_set_attribute(attribute:"description", value:
"Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version
65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version
65 and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially
crafted packets. A system reset is required for recovery.

  - Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71
    Firmware version 65 and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series
    R04/08/16/32/120ENCPU Network Part Firmware version 65 and prior allows a remote unauthenticated
    attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is
    required for recovery. (CVE-2022-40265)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References: JVN and CISA ICS advisories, then the vendor PSIRT bulletin.
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU94702422");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-335-01");
  # Vendor advisory, presumably the target of the shortened link on the next line:
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-017_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b586e1ff");
  # Remediation quoted from CISA: firmware "66" or later is the fix; the listed
  # network controls (firewall/VPN, LAN-only use, IP filter) are mitigations for
  # devices that cannot be updated yet.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric has fixed the vulnerability in the following MELSEC iQ-R Series products: 

- RJ71EN71: Update firmware version to “66” or later. 
- R04/08/16/32/120ENCPU: Update network part firmware version to “66” or later.

Users should refer to the following product manual for instructions to update firmware: 

- MELSEC iQ-R Module Configuration Manual “Firmware Update Function.”

Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of an unauthenticated
user exploiting this vulnerability:

- Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required. 
- Use the product within a local area network (LAN) 
- Block access from untrusted networks and hosts through firewalls. 
- Use the IP filter function to restrict the accessible IP addresses.

Note: For using the IP filter function, users should see MELSEC iQ-R Ethernet User’s Manual (Application) Security “IP
filter”

Users can refer to the Mitsubishi Electric advisory for further details.");
  # Base vectors: reachable over the network, low complexity, no authentication
  # or user interaction, availability impact only (A:C in v2, A:H in v3).
  # Temporal vectors: no known exploit (E:U), official fix available (RL:OF / RL:O).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40265");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-20: Improper Input Validation.
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/06");

  # NOTE(review): plugin_type is "remote", but the code after this block only
  # compares asset data obtained through the Tenable.ot integration; no packet
  # is sent to the device from this file. Confirm in tenable_ot_cve_funcs.inc.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One CPE per affected firmware line; the same six CPEs are the keys of the
  # version table used by the detection code.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r04encpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08encpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120encpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16encpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32encpu_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:rj71en71_firmware");
  # Marks the plugin as generated; hand edits are presumably overwritten on regeneration.
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Runs after the Tenable.ot integration plugin and requires the
  # Tenable.ot/Mitsubishi KB key, i.e. a Mitsubishi asset must already be known.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the KB holds the Tenable.ot/Mitsubishi key (the same key
# the registration block requires).
get_kb_item_or_exit('Tenable.ot/Mitsubishi');

# Asset record for vendor 'Mitsubishi' from the Tenable.ot helper library; its
# fields are not visible in this file.
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');

# Affected firmware per CPE. Every entry is bounded by "versionEndIncluding"
# 65, matching "version 65 and prior" in the advisory (fixed in 66).
# RJ71EN71 is listed under family "MELSECiQRCP", the ENCPU models under
# "MELSECiQR".
# NOTE(review): for the R04/08/16/32/120ENCPU the advisory scopes the bound to
# the *network part* firmware. Which version field compare_and_report reads is
# not visible here -- confirm it is the network part version, otherwise the
# result can be a false positive or a false negative.
# NOTE(review): a finding reflects inventory data only; a device mitigated by
# IP filter or firewall but still on firmware 65 would presumably still match.
var vuln_cpes = {
    "cpe:/o:mitsubishielectric:rj71en71_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQRCP"},
    "cpe:/o:mitsubishielectric:r04encpu_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQR"},
    "cpe:/o:mitsubishielectric:r08encpu_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQR"},
    "cpe:/o:mitsubishielectric:r16encpu_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQR"},
    "cpe:/o:mitsubishielectric:r32encpu_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQR"},
    "cpe:/o:mitsubishielectric:r120encpu_firmware" :
        {"versionEndIncluding" : "65", "family" : "MELSECiQR"}
};

# Hands the asset and the table to the shared comparison helper with severity
# SECURITY_HOLE; matching and reporting happen inside tenable_ot_cve_funcs.inc.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE
mitsubishielectric | r04encpu_firmware | - | cpe:/o:mitsubishielectric:r04encpu_firmware
mitsubishielectric | r08encpu_firmware | - | cpe:/o:mitsubishielectric:r08encpu_firmware
mitsubishielectric | r120encpu_firmware | - | cpe:/o:mitsubishielectric:r120encpu_firmware
mitsubishielectric | r16encpu_firmware | - | cpe:/o:mitsubishielectric:r16encpu_firmware
mitsubishielectric | r32encpu_firmware | - | cpe:/o:mitsubishielectric:r32encpu_firmware
mitsubishielectric | rj71en71_firmware | - | cpe:/o:mitsubishielectric:rj71en71_firmware