#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502708);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/04");
script_cve_id("CVE-2022-31800");
script_xref(name:"ICSA", value:"22-172-03");
script_name(english:"Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"An unauthenticated, remote attacker could upload malicious logic to
devices based on ProConOS/ProConOS eCLR in order to gain full control
over the device.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en/advisories/VDE-2022-025/");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-172-03");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Phoenix Contact has provided the following mitigations and workarounds:
- Phoenix Contact classic line industrial controllers are developed and designed for the use in closed industrial
networks using a defense-in-depth approach focusing on network segmentation and communication robustness. In such an
approach, users are protected against attacks, (especially from the outside) by a multi-level perimeter, including
firewalls as well as dividing the plant into OT zones by using firewalls. This concept is supported by organizational
measures in the production plant as part of a security management system. To accomplish security here measures are
required at all levels. Ensure that the logic is always transferred or stored in protected environments. This is valid
for data in transmission as well as data in rest.
- Connections between the engineering tools and the controller must always be in a locally protected environment or
protected by VPN for remote access.
- Project data should not send as a file via email or other transfer mechanisms without additional integrity and
authenticity checks.
- Project data should be saved in protected environments only.
- Customers using Phoenix Contact classic line controllers are recommended to operate the devices in closed networks or
protected with a suitable firewall as intended.
Measures to protect devices based on classic control technology");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31800");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(345);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/21");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_1050_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_1050_xc_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_3050_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc1x0_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc1x1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc_1x1_gsm%2fgprs_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc_3xx_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_430_eth-ib_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_450_eth-ib_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_460r_pn_3tx-s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_460r_pn_3tx_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_470_pn_3tx_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_470s_pn_3tx_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_480s_pn_4tx_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/PhoenixContact");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/PhoenixContact');
var asset = tenable_ot::assets::get(vendor:'PhoenixContact');
var vuln_cpes = {
"cpe:/o:phoenixcontact:axc_1050_firmware" :
{"family" : "AXC1000"},
"cpe:/o:phoenixcontact:axc_1050_xc_firmware" :
{"family" : "AXC1000"},
"cpe:/o:phoenixcontact:axc_3050_firmware" :
{"family" : "AXC3000"},
"cpe:/o:phoenixcontact:ilc1x0_firmware" :
{"family" : "ILC"},
"cpe:/o:phoenixcontact:ilc1x1_firmware" :
{"family" : "ILC"},
"cpe:/o:phoenixcontact:ilc_1x1_gsm%2fgprs_firmware" :
{"family" : "ILC"},
"cpe:/o:phoenixcontact:ilc_3xx_firmware" :
{"family" : "ILC"},
"cpe:/o:phoenixcontact:rfc_430_eth-ib_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_450_eth-ib_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_460r_pn_3tx_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_460r_pn_3tx-s_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_470_pn_3tx_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_470s_pn_3tx_firmware" :
{"family" : "RFC400"},
"cpe:/o:phoenixcontact:rfc_480s_pn_4tx_firmware" :
{"family" : "RFC400"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation