Moxa MB3180 Denial of Service (CVE-2021-33824)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501459);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/03");

  script_cve_id("CVE-2021-33824");

  script_name(english:"Moxa MB3180 Denial of Service (CVE-2021-33824)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build
18113012. Attackers can use slowhttptest tool to send incomplete HTTP
request, which could make server keep waiting for the packet to finish
the connection, until its resource exhausted. Then the web server is
denial-of-service.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md");
  # https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f94d0461");
  script_set_attribute(attribute:"see_also", value:"https://github.com/shekyan/slowhttptest");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33824");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3180_firmware:2.1:build_18113012");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Moxa");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Moxa');

var asset = tenable_ot::assets::get(vendor:'Moxa');

var vuln_cpes = {
    "cpe:/o:moxa:mgate_mb3180_firmware:2.1:build_18113012" :
        {"versionEndIncluding" : "2.1", "versionStartIncluding" : "2.1", "family" : "MoxaMGate"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);