Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ROCKWELL_CVE-2019-5097.NASL
HistoryMar 28, 2023 - 12:00 a.m.

Rockwell Automation products using GoAhead Web Server Loop with Unreachable Exit Condition (CVE-2019-5097)

2023-03-2800:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
rockwell automation
goahead web server
cve-2019-5097
denial of service
multi-part/form-data
http request
tenable.ot

8.8 High

AI Score

Confidence

High

0.478 Medium

EPSS

Percentile

97.5%

JSON

A denial-of-service vulnerability exists in the processing of multi- part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Rockwell Automation is aware of multiple products that utilize the GoAhead web server application and are affected by CVE 2019-5097.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500905);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2019-5097");

  script_name(english:"Rockwell Automation products using GoAhead Web Server Loop with Unreachable Exit Condition (CVE-2019-5097)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A denial-of-service vulnerability exists in the processing of multi-
part/form-data requests in the base GoAhead web server application in
versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request
can lead to an infinite loop in the process. The request can be
unauthenticated in the form of GET or POST requests and does not
require the requested resource to exist on the server.

Rockwell Automation is aware of multiple products that utilize the
GoAhead web server application and are affected by CVE 2019-5097.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0889");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-026-06");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138154/~/cve-2019-5096-and-cve-2019-5097-vulnerabilities-impact-multiple-products-
  script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?f79a2acd");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN1616.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2ade436");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation recommends users apply the latest version of firmware when possible:");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5097");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(835);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:controllogix_5580_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:guardlogix_5580_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compactlogix_5380_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:guardlogix_5380_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compactlogix_5480_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1747-aentr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1769-aentr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:5069-aen2tr");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2f_series_c");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2t_series_d");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tp_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tr_series_c");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en3tr_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tsc_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-en2tsc_series_b");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist1g_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist2g_series_a");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:1756-hist2g_series_b");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:controllogix_5580_firmware" :
        {"versionEndIncluding" : "V32", "versionStartIncluding": "V28","family" : "ControlLogix5580"},
    "cpe:/o:rockwellautomation:guardlogix_5580_firmware" :
        {"versionEndIncluding" : "V32", "versionStartIncluding": "V31","family" : "GuardLogix5580"},
    "cpe:/o:rockwellautomation:compactlogix_5380_firmware" :
        {"versionEndIncluding" : "V32", "versionStartIncluding": "V28","family" : "CompactLogix5380"},
    "cpe:/o:rockwellautomation:guardlogix_5380_firmware" :
        {"versionEndIncluding" : "V32", "versionStartIncluding": "V31","family" : "GuardLogix5380"},
    "cpe:/o:rockwellautomation:compactlogix_5480_firmware" :
        {"versionEndIncluding" : "V32", "versionStartIncluding": "V32","family" : "CompactLogix5480"},
    "cpe:/h:rockwellautomation:1747-aentr" :
        {"versionEndIncluding" : "2.002", "versionStartIncluding" : "2.002", "family" : "SLC5"},
    "cpe:/h:rockwellautomation:1769-aentr" :
        {"versionEndIncluding" : "1.001", "versionStartIncluding" : "1.001", "family" : "CompactLogix"},
    "cpe:/h:rockwellautomation:5069-aen2tr" :
        {"versionEndIncluding" : "3.011", "versionStartIncluding" : "3.011", "family" : "CompactLogix"},
    "cpe:/h:rockwellautomation:1756-en2f_series_c" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2t_series_d" :
        {"versionEndIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tp_series_a" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tr_series_c" :
        {"versionEndIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en3tr_series_b" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tsc_series_a" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-en2tsc_series_b" :
        {"versionEndIncluding" : "11.001", "versionStartIncluding" : "11.001", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist1g_series_a" :
        {"versionEndIncluding" : "3.054", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist2g_series_a" :
        {"versionEndIncluding" : "3.054", "family" : "ControlLogix"},
    "cpe:/h:rockwellautomation:1756-hist2g_series_b" :
        {"versionEndIncluding" : "5.103", "family" : "ControlLogix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
rockwellautomationcontrollogix_5580_firmwarecpe:/o:rockwellautomation:controllogix_5580_firmware
rockwellautomationguardlogix_5580_firmwarecpe:/o:rockwellautomation:guardlogix_5580_firmware
rockwellautomationcompactlogix_5380_firmwarecpe:/o:rockwellautomation:compactlogix_5380_firmware
rockwellautomationguardlogix_5380_firmwarecpe:/o:rockwellautomation:guardlogix_5380_firmware
rockwellautomationcompactlogix_5480_firmwarecpe:/o:rockwellautomation:compactlogix_5480_firmware
rockwellautomation1747-aentrcpe:/h:rockwellautomation:1747-aentr
rockwellautomation1769-aentrcpe:/h:rockwellautomation:1769-aentr
rockwellautomation5069-aen2trcpe:/h:rockwellautomation:5069-aen2tr
rockwellautomation1756-en2f_series_ccpe:/h:rockwellautomation:1756-en2f_series_c
rockwellautomation1756-en2t_series_dcpe:/h:rockwellautomation:1756-en2t_series_d
Rows per page:
1-10 of 181

Related

talosblog 1
ics 1
thn 1
nessus 1
cve 2
symantec 2
prion 2
nvd 2
talos 2
cvelist 2
checkpoint_advisories 1
githubexploit 1
talosblog
talosblog
Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead
2019-12-02 11:42:13
ics
ics
Rockwell Automation products using GoAhead Web Server
2023-01-26 12:00:00
thn
thn
Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
2019-12-04 12:48:00
nessus
nessus
Rockwell Automation products using GoAhead Web Server Use After Free (CVE-2019-5096)
2023-03-28 00:00:00
cve
cve
CVE-2019-5097
2019-12-03 22:15:14
CVE-2019-5096
2019-12-03 22:15:14
symantec
symantec
Embedthis GoAhead Web Server CVE-2019-5097 Denial of Service Vulnerability
2019-12-02 00:00:00
Embedthis GoAhead Web Server CVE-2019-5096 Remote Code Execution Vulnerability
2019-12-02 00:00:00
prion
prion
Denial of service
2019-12-03 22:15:00
Design/Logic Flaw
2019-12-03 22:15:00
nvd
nvd
CVE-2019-5097
2019-12-03 22:15:14
CVE-2019-5096
2019-12-03 22:15:14
talos
talos
EmbedThis GoAhead web server denial-of-service vulnerability
2019-12-02 00:00:00
EmbedThis GoAhead web server code execution vulnerability
2019-12-02 00:00:00
cvelist
cvelist
CVE-2019-5097
2019-12-03 21:49:38
CVE-2019-5096
2019-12-03 21:52:15
checkpoint_advisories
checkpoint_advisories
Embedthis Goahead Use-After-Free (CVE-2019-5096)
2020-03-01 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Embedthis Goahead
2020-03-02 16:48:02

8.8 High

AI Score

Confidence

High

0.478 Medium

EPSS

Percentile

97.5%

JSON
Related for TENABLE_OT_ROCKWELL_CVE-2019-5097.NASL
talosblog1ics1thn1nessus1cve2symantec2prion2nvd2talos2cvelist2checkpoint_advisories1githubexploit1