nessus | This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_SCHNEIDER_CVE-2013-2763.NASL
History: Mar 01, 2023 - 12:00 a.m.

Schneider Electric Modicon Uncontrolled Resource Consumption (CVE-2013-2763)

2023-03-01 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
schneider electric
modicon m340 plc
uncontrolled resource consumption
cve-2013-2763
denial of service
tenable.ot

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

DISPUTED The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it could not be duplicated and an attacker could not remotely exploit this observed behavior to deny PLC control functions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata-only branch: when the plugin is loaded with `description` set, it
# registers its identity, scoring, references and prerequisites, then exits.
# Nothing in this branch queries or contacts an asset.
if (description)
{
  script_id(500866);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/08");

  script_cve_id("CVE-2013-2763");

  script_name(english:"Schneider Electric Modicon Uncontrolled Resource Consumption (CVE-2013-2763)");

  # The CVE text below is marked DISPUTED: the vendor reportedly could not
  # reproduce the behaviour, and the attack vector is unspecified. A finding
  # from this plugin therefore says "an affected model is present", not that
  # the denial of service was demonstrated.
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"** DISPUTED ** The Schneider Electric M340 PLC modules allow remote
attackers to cause a denial of service (resource consumption) via
unspecified vectors. NOTE: the vendor reportedly disputes this issue
because it could not be duplicated and an attacker could not
remotely exploit this observed behavior to deny PLC control
functions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # NOTE(review): the advisory link uses plain http on the ics-cert.us-cert.gov
  # host - confirm it still resolves for readers of the report.
  script_set_attribute(attribute:"see_also", value:"http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf");
  # The solution text carries no fixed version or mitigation of its own; the
  # reader has to go to the advisory referenced in see_also.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Scoring: network-reachable, no authentication, availability impact only.
  # NOTE(review): the v2 vector rates availability as Partial (A:P) while the
  # v3 vector rates it High (A:H), and both temporal vectors use RC:C (report
  # confidence "confirmed") although the description calls the issue disputed.
  # Confirm against the source named in cvss_score_source before relying on
  # the score for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2763");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-400: Uncontrolled Resource Consumption, matching the plugin name.
  script_cwe_id(400);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # One cpe attribute per listed M340 module. Every entry has "-" in the
  # version field, so no firmware version or version range is named here.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342020_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_bmxp342030_firmware:-");
  script_end_attributes();

  # Categorised as information gathering and filed under the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the Tenable.ot API integration plugin must be listed as a
  # dependency, and the KB key Tenable.ot/Schneider must be present.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  # End of the description pass; the detection statements after this block
  # are not reached when `description` is set.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Detection pass. Stop here unless the knowledge base holds the
# Tenable.ot/Schneider key that the description block also requires.
get_kb_item_or_exit('Tenable.ot/Schneider');

# Asset record for the Schneider vendor, as supplied by the Tenable.ot helpers.
var ot_asset = tenable_ot::assets::get(vendor:'Schneider');

# Affected CPEs, each mapped to the product family it is compared under.
# Every CPE has "-" in the version field, so this table names models only.
# NOTE(review): presumably compare_and_report flags any asset whose family and
# CPE match, regardless of firmware version - confirm in
# tenable_ot_cve_funcs.inc. If so, a finding is inventory-based and, given the
# CVE is disputed, should be triaged as "affected model present".
var affected_cpes = {
  # Communication modules (BMX NOC / NOE / NOR)
  "cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:-" : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:-"  : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:-" : {"family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:-" : {"family" : "ModiconM340M580CP"},
  # Processor modules (BMX P34)
  "cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-"  : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-"  : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342020_firmware:-"    : {"family" : "ModiconM340"},
  "cpe:/o:schneider-electric:modicon_m340_bmxp342030_firmware:-"    : {"family" : "ModiconM340"}
};

# Hand the asset and the table to the shared comparison helper; any report is
# raised at SECURITY_WARNING severity.
tenable_ot::cve::compare_and_report(
  asset:ot_asset,
  cpes:affected_cpes,
  severity:SECURITY_WARNING
);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| schneider-electric | modicon_m340_bmx_noc_0401_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:- |
| schneider-electric | modicon_m340_bmx_noe_0100_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:- |
| schneider-electric | modicon_m340_bmx_noe_0100h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:- |
| schneider-electric | modicon_m340_bmx_noe_0110_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:- |
| schneider-electric | modicon_m340_bmx_noe_0110h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:- |
| schneider-electric | modicon_m340_bmx_nor_0200h_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:- |
| schneider-electric | modicon_m340_bmx_p34-2010_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:- |
| schneider-electric | modicon_m340_bmx_p34-2030_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:- |
| schneider-electric | modicon_m340_bmxp341000_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmxp341000_firmware:- |
| schneider-electric | modicon_m340_bmxp342010_firmware | - | cpe:/o:schneider-electric:modicon_m340_bmxp342010_firmware:- |