A CWE-255: Credentials Management vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information), which could allow commands to be executed on the web server without authentication by sending specially crafted HTTP requests.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Registration pass: when `description` is set, the script only declares its
# metadata (identity, advisory text, scoring, affected CPEs, scheduling) and
# then exits, so none of the check logic after this block runs in that pass.
if (description)
{
  # --- Identity and revision ---
  script_id(501203);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/22");

  script_cve_id("CVE-2020-7533");

  script_name(english:"Schneider Electric Modicon Credentials Management Errors (CVE-2020-7533)");

  # --- Advisory text shown with the finding ---
  script_set_attribute(attribute:"synopsis", value:"The remote OT asset is affected by a vulnerability.");

  # The continuation lines below are part of the string literal, so they stay
  # at column 0 to keep the reported text unchanged.
  script_set_attribute(attribute:"description", value:
"A CWE-255: Credentials Management vulnerability exists in Web Server
on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and
their Communication Modules (see security notification for version
information) which could cause the execution of commands on the
webserver without authentication when sending specially crafted HTTP
requests.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");

  # Vendor advisory: the fixed firmware versions and any mitigations are
  # documented there, not in this plugin.
  script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-287-01/");
  script_set_attribute(attribute:"solution", value:"Refer to the vendor advisory.");

  # --- Scoring ---
  # Both base vectors describe a network-reachable issue needing no
  # authentication (CVSSv2 AV:N/Au:N, CVSSv3 AV:N/PR:N/UI:N), which matches
  # the "without authentication" wording of the description.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7533");

  # NOTE(review): E:U and this attribute record the exploit status known when
  # the plugin was last modified; re-check before using them to set priority.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # --- Publication dates ---
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");

  # --- Affected firmware CPEs ---
  # The same sixteen CPEs appear as keys of vuln_cpes in the check logic.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140cpu65260_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc77101_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc78000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noe77111_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoc0401_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0110_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp341000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp342000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420102_firmware");
  # NOTE(review): only this CPE carries a trailing ":3" version component;
  # confirm that is intended.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420302_firmware:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety4103_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety5103_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp574634_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp575634_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp576634_firmware");

  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # --- Scheduling ---
  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Runs after the Tenable.ot integration plugin and only when the Schneider
  # KB key is present (presumably set by that dependency - confirm).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}
include('tenable_ot_cve_funcs.inc');
# Check logic: look up the Schneider asset known to Tenable.ot and hand it,
# together with the table of affected firmware CPEs, to the shared reporting
# helper from tenable_ot_cve_funcs.inc.
#
# As far as this file shows, the result comes from asset data and the version
# table below; no HTTP request is built or sent here. A finding therefore
# depends on the firmware version recorded for the asset. It does not show
# whether the device's web server is enabled or reachable, so check exposure
# and compensating controls separately.

# Stop unless the Schneider KB key is present.
get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

# Affected firmware, keyed by CPE. "versionEndExcluding" is presumably the
# first non-affected version (versions below it get reported); the comparison
# itself lives in the helper and is not visible here.
# NOTE(review): bounds such as "3.20" vs "3.3" and "1.08" only behave as
# intended if the helper compares version components numerically rather than
# as plain strings or decimals - confirm in tenable_ot_cve_funcs.inc.
var vuln_cpes = {
  # Modicon M340 CPUs
  # NOTE(review): the first key alone has a trailing ":3" version component;
  # confirm it matches how the asset CPE is reported.
  "cpe:/o:schneider-electric:bmxp3420302_firmware:3" : {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
  "cpe:/o:schneider-electric:bmxp342000_firmware"    : {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
  "cpe:/o:schneider-electric:bmxp341000_firmware"    : {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
  "cpe:/o:schneider-electric:bmxp3420102_firmware"   : {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},

  # Modicon M340 / M580 communication modules
  "cpe:/o:schneider-electric:bmxnoe0100_firmware"    : {"versionEndExcluding" : "3.3", "family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:bmxnoe0110_firmware"    : {"versionEndExcluding" : "6.5", "family" : "ModiconM340M580CP"},
  "cpe:/o:schneider-electric:bmxnoc0401_firmware"    : {"versionEndExcluding" : "2.10", "family" : "ModiconM340M580CP"},

  # Premium CPUs
  "cpe:/o:schneider-electric:tsxp574634_firmware"    : {"versionEndExcluding" : "6.1", "family" : "Premium"},
  "cpe:/o:schneider-electric:tsxp575634_firmware"    : {"versionEndExcluding" : "6.1", "family" : "Premium"},
  "cpe:/o:schneider-electric:tsxp576634_firmware"    : {"versionEndExcluding" : "6.1", "family" : "Premium"},

  # Premium communication modules
  "cpe:/o:schneider-electric:tsxety4103_firmware"    : {"versionEndExcluding" : "6.2", "family" : "PremiumCP"},
  "cpe:/o:schneider-electric:tsxety5103_firmware"    : {"versionEndExcluding" : "6.4", "family" : "PremiumCP"},

  # Quantum communication modules
  "cpe:/o:schneider-electric:140noe77111_firmware"   : {"versionEndExcluding" : "7.1", "family" : "QuantumUnityCP"},
  "cpe:/o:schneider-electric:140noc78000_firmware"   : {"versionEndExcluding" : "1.74", "family" : "QuantumUnityCP"},
  "cpe:/o:schneider-electric:140noc77101_firmware"   : {"versionEndExcluding" : "1.08", "family" : "QuantumUnityCP"},

  # Quantum CPU
  "cpe:/o:schneider-electric:140cpu65260_firmware"   : {"versionEndExcluding" : "6.1", "family" : "QuantumUnity"}
};

# Matches are reported with severity SECURITY_HOLE.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | 140cpu65260_firmware | cpe:/o:schneider-electric:140cpu65260_firmware | |
schneider-electric | 140noe77111_firmware | cpe:/o:schneider-electric:140noe77111_firmware | |
schneider-electric | 140noc77101_firmware | cpe:/o:schneider-electric:140noc77101_firmware | |
schneider-electric | 140noc78000_firmware | cpe:/o:schneider-electric:140noc78000_firmware | |
schneider-electric | bmxnoc0401_firmware | cpe:/o:schneider-electric:bmxnoc0401_firmware | |
schneider-electric | bmxnoe0100_firmware | cpe:/o:schneider-electric:bmxnoe0100_firmware | |
schneider-electric | bmxnoe0110_firmware | cpe:/o:schneider-electric:bmxnoe0110_firmware | |
schneider-electric | bmxp341000_firmware | cpe:/o:schneider-electric:bmxp341000_firmware | |
schneider-electric | bmxp342000_firmware | cpe:/o:schneider-electric:bmxp342000_firmware | |
schneider-electric | bmxp3420102_firmware | cpe:/o:schneider-electric:bmxp3420102_firmware |