Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SCHNEIDER_CVE-2013-0663.NASL
HistoryFeb 07, 2022 - 12:00 a.m.

Schneider Electric Modicon Cross-Site Request Forgery (CVE-2013-0663)

2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6

7.5 High

AI Score

Confidence

Low

JSON

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500074);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");

  script_cve_id("CVE-2013-0663");
  script_xref(name:"EDB-ID", value:"44678");

  script_name(english:"Schneider Electric Modicon Cross-Site Request Forgery (CVE-2013-0663)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and
140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC
modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as
demonstrated by modifying HTTP credentials.  

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf");
  # http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3596b1c");
  # http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ec12ec6");
  script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/44678/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0663");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_quantum_plc:140noe77101");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_quantum_plc:140nwm10000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_quantum_plc:140noe77111");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_m340:bmxnoe0100x");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_m340:bmxnoe011xx");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_m340:bmxnoc0401");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_premium:tsxety5103");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_premium:tsxwmy100");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:schneider-electric:modicon_premium:tsxety4103");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/h:schneider-electric:modicon_quantum_plc:140noe77101" :
        {"family" : "QuantumUnityCP"},
    "cpe:/h:schneider-electric:modicon_quantum_plc:140nwm10000" :
        {"family" : "QuantumUnityCP"},
    "cpe:/h:schneider-electric:modicon_quantum_plc:140noe77111" :
        {"family" : "QuantumUnityCP"},
    "cpe:/h:schneider-electric:modicon_m340:bmxnoe0100x" :
        {"family" : "ModiconM340M580CP"},
    "cpe:/h:schneider-electric:modicon_m340:bmxnoe011xx" :
        {"family" : "ModiconM340M580CP"},
    "cpe:/h:schneider-electric:modicon_m340:bmxnoc0401" :
        {"family" : "ModiconM340M580CP"},
    "cpe:/h:schneider-electric:modicon_premium:tsxety5103" :
        {"family" : "PremiumCP"},
    "cpe:/h:schneider-electric:modicon_premium:tsxwmy100" :
        {"family" : "PremiumCP"},
    "cpe:/h:schneider-electric:modicon_premium:tsxety4103" :
        {"family" : "PremiumCP"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
schneider-electricmodicon_quantum_plc140noe77101cpe:/h:schneider-electric:modicon_quantum_plc:140noe77101
schneider-electricmodicon_quantum_plc140nwm10000cpe:/h:schneider-electric:modicon_quantum_plc:140nwm10000
schneider-electricmodicon_quantum_plc140noe77111cpe:/h:schneider-electric:modicon_quantum_plc:140noe77111
schneider-electricmodicon_m340bmxnoe0100xcpe:/h:schneider-electric:modicon_m340:bmxnoe0100x
schneider-electricmodicon_m340bmxnoe011xxcpe:/h:schneider-electric:modicon_m340:bmxnoe011xx
schneider-electricmodicon_m340bmxnoc0401cpe:/h:schneider-electric:modicon_m340:bmxnoc0401
schneider-electricmodicon_premiumtsxety5103cpe:/h:schneider-electric:modicon_premium:tsxety5103
schneider-electricmodicon_premiumtsxwmy100cpe:/h:schneider-electric:modicon_premium:tsxwmy100
schneider-electricmodicon_premiumtsxety4103cpe:/h:schneider-electric:modicon_premium:tsxety4103

Related

prion 1
cve 1
exploitpack 1
nessus 1
packetstorm 1
cvelist 1
exploitdb 1
ics 1
prion
prion
Cross site request forgery (csrf)
2013-04-04 11:58:00
cve
cve
CVE-2013-0663
2013-04-04 11:58:00
exploitpack
exploitpack
Schneider Electric PLCs - Cross-Site Request Forgery
2018-05-21 00:00:00
nessus
nessus
Schneider-electric Modicon Cross-Site Request Forgery (CSRF)
2019-11-08 00:00:00
packetstorm
packetstorm
Schneider Electric PLCs Cross Site Request Forgery
2018-05-21 00:00:00
cvelist
cvelist
CVE-2013-0663
2013-04-04 10:00:00
exploitdb
exploitdb
Schneider Electric PLCs - Cross-Site Request Forgery
2018-05-21 00:00:00
ics
ics
Schneider Electric PLCs Vulnerabilities (Update B)
2019-06-25 12:00:00

7.5 High

AI Score

Confidence

Low

JSON
Related for TENABLE_OT_SCHNEIDER_CVE-2013-0663.NASL
prion1cve1exploitpack1nessus1packetstorm1cvelist1exploitdb1ics1