Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6850)

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500294);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");

  script_cve_id("CVE-2019-6850");

  script_name(english:"Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6850)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A CWE-200: Information Exposure vulnerability exists in Modicon M580,
Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the
disclosure of sensitive information when reading specific registers
with the REST API of the controller/communication module.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7125099b");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6850");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_bmenoc_0311_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_bmenoc_0321_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m580_series_firmware:-");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:modicon_m580_series_firmware:-" :
        {"family" : "ModiconM580"},
    "cpe:/o:schneider-electric:modicon_bmenoc0311_firmware:-" :
        {"family" : "ModiconM340M580CP"},
    "cpe:/o:schneider-electric:modicon_bmenoc0321_firmware:-" :
        {"family" : "ModiconM340M580CP"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);