nessus | This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_MITSUBISHI_CVE-2023-3373.NASL
History: Aug 10, 2023 - 12:00 a.m.

Mitsubishi Electric GOT2000 and GOT SIMPLE (CVE-2023-3373)

2023-08-10 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
mitsubishi electric
got2000
got simple
cve-2023-3373
vulnerability
remote attackers
hijack data connections
dos
ftp server.

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

A Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or to prevent legitimate users from establishing data connections (causing a DoS condition) by guessing the listening port of the data connection on the FTP server and connecting to it.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata pass: when the script runs with `description` set, this block only
# registers the plugin's identity, advisory text, scoring and scheduling
# requirements; the exit(0) at the end returns before any detection code runs.
if (description)
{
  script_id(501601);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");

  script_cve_id("CVE-2023-3373");

  script_name(english:"Mitsubishi Electric GOT2000 and GOT SIMPLE (CVE-2023-3373)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # Advisory text for CVE-2023-3373: GT21 and GS21 firmware 01.49.000 and prior;
  # impact is hijack or denial of the FTP data connection by an unauthenticated
  # remote party.
  script_set_attribute(attribute:"description", value:
"Predictable Exact Value from Previous Values vulnerability in
Mitsubishi Electric Corporation GOT2000 Series GT21 model versions
01.49.000 and prior and GOT SIMPLE Series GS21 model versions
01.49.000 and prior allows a remote unauthenticated attacker to hijack
data connections (session hijacking) or prevent legitimate users from
establishing data connections (to cause DoS condition) by guessing the
listening port of the data connection on FTP server and connecting to
it.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01");
  # Presumably the full target of the shortened link on the next line (vendor PSIRT advisory) - verify.
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3764f2aa");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU92167394/index.html");
  # Remediation text reproduced from CISA: the fix is firmware 01.50.000 or later
  # for both series. The mitigations listed after it (network restriction, IP
  # filter, disabling the FTP server function when it is not needed) are described
  # as risk-reducing workarounds, not as fixes.
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Mitsubishi Electric has created the following versions to fix this issue: 

- ​GOT2000 Series, GT21 model version 01.50.000 or later
- ​GOT SIMPLE, GS21 model version 01.50.000 or later

​Mitsubishi Electric recommends the following steps to update:

- ​Please contact your local Mitsubishi Electric representative to download the fixed version of GT Designer3 Version1
(GOT2000) and install on a personal computer.
- ​Start the GT Designer3 Version1 (GOT2000) and open the project data used in affected products. 
- ​Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. ​Please refer to the
GT Designer3 Version1 (GOT2000) Screen Design Manual (SH-081220ENG). ​“4. COMMUNICATING WITH GOT”
- ​After writing the required package data to the GOT, refer to the <How to check the versions in use> and check that
the software has been updated to the fixed versions.

​The fixed versions are shipped with GT Designer3 Version1(GOT2000) Ver. 1.300 N or later.

​Mitsubishi Electric recommends that customers take the following mitigations or workarounds to minimize the risk of
exploiting this vulnerability:

- ​Restrict physical access to the product and the LAN to which it is connected.
- ​When Internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
- ​Use the products within a LAN and block access from untrusted networks and hosts.
- ​Install antivirus software on your computer that can access the affected product.
- ​Use the IP filter function to restrict the accessible IP addresses. 
    - ​GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). “5.4.3 Setting the IP filter”
- ​Review whether the FTP server function is required or not, and if not, disable the FTP server function.

​Users should refer to Mitsubishi Electric’s security advisory for further information.

​");
  # Scoring: both base vectors are network-reachable, low-complexity and
  # unauthenticated, with no confidentiality impact and full integrity and
  # availability impact (C:N/I:C/A:C in v2, C:N/I:H/A:H in v3). Both temporal
  # vectors carry E:U, in line with exploit_available "false" below.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3373");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-330 (Use of Insufficiently Random Values) is the broader class of the
  # predictable-value weakness named in the description.
  script_cwe_id(330);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/10");

  # NOTE(review): plugin_type is "remote", yet the detection code after this
  # block passes CPE/version bounds to a comparison helper and no probe of the
  # FTP service is visible in this file - confirm how the firmware version is
  # obtained before treating a finding as a live-service observation.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs21_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt21_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Registered as an information-gathering check in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: depends on tenable_ot_api_integration.nasl and requires the KB
  # key Tenable.ot/Mitsubishi; presumably that dependency populates the key from
  # Tenable.ot asset data - verify.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");

  # Description mode ends here; nothing below this block runs in this pass.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the knowledge base carries the Tenable.ot/Mitsubishi key.
get_kb_item_or_exit('Tenable.ot/Mitsubishi');

# Asset record for this vendor as returned by the Tenable.ot asset helper.
var mitsubishi_asset = tenable_ot::assets::get(vendor:'Mitsubishi');

# Affected firmware CPEs. The exclusive upper bound 01.50.000 is the first fixed
# release named in the solution text, so 01.49.000 and prior fall in range.
# NOTE(review): the check appears to be a version match, so a unit protected only
# by the advisory's workarounds (IP filter, FTP server function disabled) would
# presumably still be reported until its firmware reaches 01.50.000 - confirm
# against compare_and_report.
var affected_cpes = {
  "cpe:/o:mitsubishielectric:gt21_firmware" : {
    "versionEndExcluding" : "01.50.000",
    "family" : "Mitsubishi"
  },
  "cpe:/o:mitsubishielectric:gs21_firmware" : {
    "versionEndExcluding" : "01.50.000",
    "family" : "Mitsubishi"
  }
};

# Hand the asset and the CPE bounds to the shared comparison/reporting helper.
tenable_ot::cve::compare_and_report(
  asset:mitsubishi_asset,
  cpes:affected_cpes,
  severity:SECURITY_HOLE
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mitsubishielectric | gs21_firmware | | cpe:/o:mitsubishielectric:gs21_firmware |
| mitsubishielectric | gt21_firmware | | cpe:/o:mitsubishielectric:gt21_firmware |

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%
