Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SEL_CVE-2023-2310.NASLHistoryJun 05, 2023 - 12:00 a.m.
SEL RTAC Channel Accessible by Non-Endpoint (CVE-2023-2310)
2023-06-0500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
schweitzer engineering laboratories sel
real-time automation controller
remote attacker.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.7%
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501174);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");
script_cve_id("CVE-2023-2310");
script_name(english:"SEL RTAC Channel Accessible by Non-Endpoint (CVE-2023-2310)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer
Engineering Laboratories SEL Real-Time Automation Controller (RTAC)
could allow a remote attacker to perform a man-in-the-middle (MiTM)
that could result in denial of service. See the ACSELERATOR RTAC
SEL-5033 Software instruction manual date code 20210915 for more
details.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://selinc.com/support/security-notifications/external-reports/");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2310");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-2241_rtac_module_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3350_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505-3_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530-4_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3532_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3555_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560e_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560s_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/SEL");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/SEL');
var asset = tenable_ot::assets::get(vendor:'SEL');
var vuln_cpes = {
"cpe:/o:selinc:sel-2241_rtac_module_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r113-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3350_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r148-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3505_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r119-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3505-3_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3530_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r100-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3530-4_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r108-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3532_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3555_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r134-v0", "family" : "Rtac"},
"cpe:/o:selinc:sel-3560e_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r144-v2", "family" : "Rtac"},
"cpe:/o:selinc:sel-3560s_firmware" :
{"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r144-v2", "family" : "Rtac"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| selinc | sel-2241_rtac_module_firmware | cpe:/o:selinc:sel-2241_rtac_module_firmware | |
| selinc | sel-3350_firmware | cpe:/o:selinc:sel-3350_firmware | |
| selinc | sel-3505-3_firmware | cpe:/o:selinc:sel-3505-3_firmware | |
| selinc | sel-3505_firmware | cpe:/o:selinc:sel-3505_firmware | |
| selinc | sel-3530-4_firmware | cpe:/o:selinc:sel-3530-4_firmware | |
| selinc | sel-3530_firmware | cpe:/o:selinc:sel-3530_firmware | |
| selinc | sel-3532_firmware | cpe:/o:selinc:sel-3532_firmware | |
| selinc | sel-3555_firmware | cpe:/o:selinc:sel-3555_firmware | |
| selinc | sel-3560e_firmware | cpe:/o:selinc:sel-3560e_firmware | |
| selinc | sel-3560s_firmware | cpe:/o:selinc:sel-3560s_firmware |
Related
nvd
nvd
CVE-2023-2310
2023-05-10 20:15:09
cve
cve
CVE-2023-2310
2023-05-10 20:15:09
prion
prion
Design/Logic Flaw
2023-05-10 20:15:00
cvelist
cvelist
CVE-2023-2310 Channel Accessible by Non-Endpoint
2023-05-10 19:18:43
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.7%
Related for TENABLE_OT_SEL_CVE-2023-2310.NASL