Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6841)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500199);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");

  script_cve_id("CVE-2019-6841");

  script_name(english:"Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6841)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A CWE-755: Improper Handling of Exceptional Conditions vulnerability
exists in Modicon M580 with firmware (version prior to V3.10), Modicon
M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules
(all firmware versions), which could cause a Denial of Service attack
on the PLC when upgrading the firmware with no firmware image inside
the package using FTP protocol.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2019-281-02/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6841");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(755);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_140cra_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_bmxcra_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m340_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m580_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:modicon_m580_series_firmware" :
        {"versionEndExcluding" : "4.10", "family" : "ModiconM580"},
    "cpe:/o:schneider-electric:modicon_m340_series_firmware" :
        {"versionEndExcluding" : "3.50", "family" : "ModiconM340"},
    "cpe:/o:schneider-electric:modicon_bmxcra_firmware" :
        {"family" : "Concept"},
    "cpe:/o:schneider-electric:modicon_140cra_firmware" :
        {"family" : "Concept"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);