Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2019-5096.NASL
HistoryMar 28, 2023 - 12:00 a.m.

Rockwell Automation products using GoAhead Web Server Use After Free (CVE-2019-5096)

2023-03-2800:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
rockwell automation
goahead web server
vulnerability
cve-2019-5096
code execution
http request
unauthenticated
tenable.ot
scanner

9.1 High

AI Score

Confidence

High

0.478 Medium

EPSS

Percentile

97.5%

JSON

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.

Rockwell Automation is aware of multiple products that utilize the GoAhead web server application and are affected by CVE 2019-5096.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500904);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2019-5096");

  script_name(english:"Rockwell Automation products using GoAhead Web Server Use After Free (CVE-2019-5096)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An exploitable code execution vulnerability exists in the processing
of multi-part/form-data requests within the base GoAhead web server
application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially
crafted HTTP request can lead to a use-after-free condition during the
processing of this request that can be used to corrupt heap structures
that could lead to full code execution. The request can be
unauthenticated in the form of GET or POST requests, and does not
require the requested resource to exist on the server.

Rockwell Automation is aware of multiple products that utilize the
GoAhead web server application and are affected by CVE 2019-5096.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-026-06");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138154/~/cve-2019-5096-and-cve-2019-5097-vulnerabilities-impact-multiple-products-
  script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?f79a2acd");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN1616.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2ade436");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation recommends users apply the latest version of firmware when possible:");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5096");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(416);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1747-aentr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1769-aentr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:5069-aen2tr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tr_series_c");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2t_series_d");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tsc_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tsc_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist1g_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist2g_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist2g_series_b");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/h:rockwellautomation:1747-aentr" :
        {"versionEndIncluding" : "2.002", "versionStartIncluding" : "2.002", "family" : "SLC5"},
    "cpe:/h:rockwellautomation:1769-aentr" :
        {"versionEndIncluding" : "1.001", "versionStartIncluding" : "1.001", "family" : "CompactLogix"},
    "cpe:/h:rockwellautomation:5069-aen2tr" :
        {"versionEndIncluding" : "3.011", "versionStartIncluding" : "3.011", "family" : "CompactLogix"},
    "cpe:/h:rockwellautomation:1756-en2t_series_d" :
        {"versionEndIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tr_series_c" :
        {"versionEndIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tsc_series_a" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tsc_series_b" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist1g_series_a" :
        {"versionEndIncluding" : "3.054", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist2g_series_a" :
        {"versionEndIncluding" : "3.054", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist2g_series_b" :
        {"versionEndIncluding" : "5.103", "family" : "ControlLogix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
rockwellautomation1747-aentrcpe:/h:rockwellautomation:1747-aentr
rockwellautomation1769-aentrcpe:/h:rockwellautomation:1769-aentr
rockwellautomation5069-aen2trcpe:/h:rockwellautomation:5069-aen2tr
rockwellautomation1756-en2tr_series_ccpe:/h:rockwellautomation:1756-en2tr_series_c
rockwellautomation1756-en2t_series_dcpe:/h:rockwellautomation:1756-en2t_series_d
rockwellautomation1756-en2tsc_series_acpe:/h:rockwellautomation:1756-en2tsc_series_a
rockwellautomation1756-en2tsc_series_bcpe:/h:rockwellautomation:1756-en2tsc_series_b
rockwellautomation1756-hist1g_series_acpe:/h:rockwellautomation:1756-hist1g_series_a
rockwellautomation1756-hist2g_series_acpe:/h:rockwellautomation:1756-hist2g_series_a
rockwellautomation1756-hist2g_series_bcpe:/h:rockwellautomation:1756-hist2g_series_b

Related

nessus 1
talosblog 1
thn 1
ics 1
cve 2
prion 2
nvd 2
cvelist 2
symantec 2
talos 2
checkpoint_advisories 1
githubexploit 1
nessus
nessus
Rockwell Automation products using GoAhead Web Server Loop with Unreachable Exit Condition (CVE-2019-5097)
2023-03-28 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
2019-12-02 11:42:13
thn
thn
Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 12:48:00
ics
ics
Rockwell Automation products using GoAhead Web Server
2023-01-26 12:00:00
cve
cve
CVE-2019-5097
2019-12-03 22:15:14
CVE-2019-5096
2019-12-03 22:15:14
prion
prion
Denial of service
2019-12-03 22:15:00
Design/Logic Flaw
2019-12-03 22:15:00
nvd
nvd
CVE-2019-5097
2019-12-03 22:15:14
CVE-2019-5096
2019-12-03 22:15:14
cvelist
cvelist
CVE-2019-5096
2019-12-03 21:52:15
CVE-2019-5097
2019-12-03 21:49:38
symantec
symantec
Embedthis GoAhead Web Server CVE-2019-5097 Denial of Service Vulnerability
2019-12-02 00:00:00
Embedthis GoAhead Web Server CVE-2019-5096 Remote Code Execution Vulnerability
2019-12-02 00:00:00
talos
talos
EmbedThis GoAhead web server denial-of-service vulnerability
2019-12-02 00:00:00
EmbedThis GoAhead web server code execution vulnerability
2019-12-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Embedthis Goahead Use-After-Free (CVE-2019-5096)
2020-03-01 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Embedthis Goahead
2020-03-02 16:48:02

9.1 High

AI Score

Confidence

High

0.478 Medium

EPSS

Percentile

97.5%

JSON
Related for TENABLE_OT_ROCKWELL_CVE-2019-5096.NASL
nessus1talosblog1thn1ics1cve2prion2nvd2cvelist2symantec2talos2checkpoint_advisories1githubexploit1