nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SCHNEIDER_CVE-2020-7533.NASL
HistoryJun 29, 2023 - 12:00 a.m.

Schneider Electric Modicon Credentials Management Errors (CVE-2020-7533)

2023-06-2900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
schneider electric
modicon
credentials management
cwe-255
web server
m340
quantum
premium
communication modules
http requests
authentication
vulnerability
tenable.ot

A CWE-255: Credentials Management vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Description phase: when `description` is set, this block only registers the
# plugin's metadata (ID, CVE, text, CVSS, CPEs, dependencies) and then exits.
# The actual check is the code after this block.
if (description)
{
  script_id(501203);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/22");

  script_cve_id("CVE-2020-7533");

  script_name(english:"Schneider Electric Modicon Credentials Management Errors (CVE-2020-7533)");

  # Finding text shown to the analyst. The description is the CVE wording; the
  # affected version ranges are not in the text but in the vendor advisory
  # referenced by "see_also" and in the vuln_cpes table in the check body.
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A CWE-255: Credentials Management vulnerability exists in Web Server
on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and
their Communication Modules (see security notification for version
information) which could cause the execution of commands on the
webserver without authentication when sending specially crafted HTTP
requests.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-287-01/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # CVSS as declared here: both base vectors describe a network-reachable flaw
  # that needs no authentication (v2 AV:N/Au:N) or privileges/user interaction
  # (v3.0 AV:N/PR:N/UI:N). The v3.0 vector rates C/I/A impact High, the v2
  # vector Partial. Temporal vectors: exploit unproven (E:U), official fix
  # available (RL:OF / RL:O), report confirmed (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7533");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Affected firmware CPEs (16 entries). These are the same identifiers used as
  # keys of vuln_cpes in the check body; keep the two lists in sync when the
  # advisory is revised.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140cpu65260_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc77101_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noc78000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:140noe77111_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoc0401_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxnoe0110_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp341000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp342000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420102_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:bmxp3420302_firmware:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety4103_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxety5103_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp574634_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp575634_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:tsxp576634_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered as an information-gathering plugin. The check body in this file
  # only reads asset data and compares versions.
  # NOTE(review): presumably no request is sent to the controller by this
  # plugin itself - confirm in tenable_ot_cve_funcs.inc.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling gate: depends on tenable_ot_api_integration.nasl and requires
  # the KB key Tenable.ot/Schneider, so without that key (presumably set by
  # the Tenable.ot integration - confirm) the plugin yields no result.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Check body: exit unless the KB holds the Tenable.ot/Schneider key, fetch the
# Schneider asset, and hand it with the affected-CPE table to the shared
# comparison helper.
get_kb_item_or_exit('Tenable.ot/Schneider');

# Asset data for this vendor; its structure is not visible in this file
# (presumably defined by tenable_ot_cve_funcs.inc - confirm).
var asset = tenable_ot::assets::get(vendor:'Schneider');

# Affected firmware CPE -> match criteria.
#   "versionEndExcluding": presumably the NVD convention, i.e. versions strictly
#       below this value are reported and the value itself is the first fixed
#       release - confirm against the helper and advisory SEVD-2020-287-01.
#   "family": looks like a product-family label consumed by the matcher.
# NOTE(review): bounds such as "3.20" vs "3.3", "2.10" and "1.08" only order
# correctly under component-wise version comparison, not numeric/float or plain
# string comparison - confirm how compare_and_report parses them, since a wrong
# ordering would produce false negatives on unpatched controllers.
var vuln_cpes = {
    # NOTE(review): this is the only key with a trailing CPE version component
    # (":3"); confirm the matcher handles it the same way as the other keys.
    "cpe:/o:schneider-electric:bmxp3420302_firmware:3" :
        {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
    "cpe:/o:schneider-electric:bmxp342000_firmware" :
        {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
    "cpe:/o:schneider-electric:bmxp341000_firmware" :
        {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
    "cpe:/o:schneider-electric:bmxp3420102_firmware" :
        {"versionEndExcluding" : "3.20", "family" : "ModiconM340"},
    "cpe:/o:schneider-electric:bmxnoe0100_firmware" :
        {"versionEndExcluding" : "3.3", "family" : "ModiconM340M580CP"},
    "cpe:/o:schneider-electric:bmxnoe0110_firmware" :
        {"versionEndExcluding" : "6.5", "family" : "ModiconM340M580CP"},
    "cpe:/o:schneider-electric:bmxnoc0401_firmware" :
        {"versionEndExcluding" : "2.10", "family" : "ModiconM340M580CP"},
    "cpe:/o:schneider-electric:tsxp574634_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "Premium"},
    "cpe:/o:schneider-electric:tsxp575634_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "Premium"},
    "cpe:/o:schneider-electric:tsxp576634_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "Premium"},
    "cpe:/o:schneider-electric:tsxety4103_firmware" :
        {"versionEndExcluding" : "6.2", "family" : "PremiumCP"},
    "cpe:/o:schneider-electric:tsxety5103_firmware" :
        {"versionEndExcluding" : "6.4", "family" : "PremiumCP"},
    "cpe:/o:schneider-electric:140noe77111_firmware" :
        {"versionEndExcluding" : "7.1", "family" : "QuantumUnityCP"},
    "cpe:/o:schneider-electric:140noc78000_firmware" :
        {"versionEndExcluding" : "1.74", "family" : "QuantumUnityCP"},
    "cpe:/o:schneider-electric:140noc77101_firmware" :
        {"versionEndExcluding" : "1.08", "family" : "QuantumUnityCP"},
    "cpe:/o:schneider-electric:140cpu65260_firmware" :
        {"versionEndExcluding" : "6.1", "family" : "QuantumUnity"}
};

# Report at SECURITY_HOLE severity when the asset matches the table. As far as
# this file shows, the result rests on inventory data (CPE and firmware
# version) only: a finding means "firmware in the affected range", not that the
# web server was probed, and compensating controls applied on site do not
# change the outcome. Likewise, no finding on an asset with missing or
# inaccurate version data is not evidence that it is patched.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| schneider-electric | 140cpu65260_firmware | | cpe:/o:schneider-electric:140cpu65260_firmware |
| schneider-electric | 140noe77111_firmware | | cpe:/o:schneider-electric:140noe77111_firmware |
| schneider-electric | 140noc77101_firmware | | cpe:/o:schneider-electric:140noc77101_firmware |
| schneider-electric | 140noc78000_firmware | | cpe:/o:schneider-electric:140noc78000_firmware |
| schneider-electric | bmxnoc0401_firmware | | cpe:/o:schneider-electric:bmxnoc0401_firmware |
| schneider-electric | bmxnoe0100_firmware | | cpe:/o:schneider-electric:bmxnoe0100_firmware |
| schneider-electric | bmxnoe0110_firmware | | cpe:/o:schneider-electric:bmxnoe0110_firmware |
| schneider-electric | bmxp341000_firmware | | cpe:/o:schneider-electric:bmxp341000_firmware |
| schneider-electric | bmxp342000_firmware | | cpe:/o:schneider-electric:bmxp342000_firmware |
| schneider-electric | bmxp3420102_firmware | | cpe:/o:schneider-electric:bmxp3420102_firmware |