DISPUTED The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it could not be duplicated and an attacker could not remotely exploit this observed behavior to deny PLC control functions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin registration block: when the engine loads the script with `description`
# set, only the metadata below is recorded and the script exits (exit(0)) before
# any detection logic runs.
if (description)
{
script_id(500866);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/08");
script_cve_id("CVE-2013-2763");
script_name(english:"Schneider Electric Modicon Uncontrolled Resource Consumption (CVE-2013-2763)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
# The description carries the CVE's "** DISPUTED **" marker: the vendor reportedly
# could not reproduce the behaviour. Triage findings from this plugin accordingly.
script_set_attribute(attribute:"description", value:
"** DISPUTED ** The Schneider Electric M340 PLC modules allow remote
attackers to cause a denial of service (resource consumption) via
unspecified vectors. NOTE: the vendor reportedly disputes this issue
because it could not be duplicated and an attacker could not
remotely exploit this observed behavior to deny PLC control
functions.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# NOTE(review): the advisory link is plain http on a legacy ICS-CERT host; confirm it still resolves.
script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf");
# No fixed firmware version is named here; the vendor advisory is the only remediation pointer.
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
# Scoring: both vectors are network-reachable, low complexity, no authentication or
# privileges, availability impact only. CVSSv2 rates that impact Partial (A:P) and
# CVSSv3 rates it High (A:H). The temporal vectors mark exploit maturity as unproven
# (E:U), consistent with exploit_available=false below.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2763");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# CWE-400: Uncontrolled Resource Consumption.
script_cwe_id(400);
# The patch date equals the disclosure date although the description says the vendor
# disputes the issue. NOTE(review): confirm what "patch" refers to in the advisory.
script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/04");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
# One "cpe" attribute per affected M340 module or CPU. Every entry has "-" in the
# version field, so no firmware version is expressed in this metadata.
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342020_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342030_firmware:-");
script_end_attributes();
# Registered as an information-gathering script. It depends on the Tenable.ot API
# integration plugin and is gated on the 'Tenable.ot/Schneider' KB key.
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
# Bail out unless the 'Tenable.ot/Schneider' KB key is present (presumably set by
# the tenable_ot_api_integration.nasl dependency; verify there).
get_kb_item_or_exit('Tenable.ot/Schneider');

# CPEs this plugin reports on, each mapped to the product-family label passed to
# the comparison helper. The six BMX NOC/NOE/NOR entries use "ModiconM340M580CP";
# the six BMX P34 entries use "ModiconM340".
# NOTE(review): every CPE ends in ":-" and no version bounds are given, so this
# looks like a model-only match with no firmware version check. Confirm against
# tenable_ot::cve::compare_and_report, and remember the CVE itself is marked
# DISPUTED when triaging hits.
var affected_cpes = {
  "cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-" : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-" : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-" : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-"  : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-"  : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342020_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342030_firmware:-"    : {"family" : "ModiconM340"}
};

# Fetch the Schneider asset record from the Tenable.ot helper library. Nothing in
# this script sends traffic to the PLC itself.
var schneider_asset = tenable_ot::assets::get(vendor:'Schneider');

# Hand the asset and the CPE table to the shared helper, which does the matching
# and reports at SECURITY_WARNING severity.
tenable_ot::cve::compare_and_report(
  asset:schneider_asset,
  cpes:affected_cpes,
  severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | modicon_m340_bmx_noc_0401_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:- |
schneider-electric | modicon_m340_bmx_noe_0100_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:- |
schneider-electric | modicon_m340_bmx_noe_0100h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:- |
schneider-electric | modicon_m340_bmx_noe_0110_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:- |
schneider-electric | modicon_m340_bmx_noe_0110h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:- |
schneider-electric | modicon_m340_bmx_nor_0200h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:- |
schneider-electric | modicon_m340_bmx_p34-2010_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:- |
schneider-electric | modicon_m340_bmx_p34-2030_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:- |
schneider-electric | modicon_m340_bmxp341000_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:- |
schneider-electric | modicon_m340_bmxp342010_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:- |