Lucene search

HistoryJun 05, 2023 - 12:00 a.m.

Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2023-31149)

2023-06-0500:00:00

www.tenable.com

ot asset

remote attacker

arbitrary code execution

authenticated

sel rtac

tenable.ot

security bulletin

cve-2023-31149

code execution

vendor advisory

firmware.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.1%

JSON

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501181);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");

  script_cve_id("CVE-2023-31149");

  script_name(english:"Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2023-31149)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An Improper Input Validation vulnerability in the Schweitzer
Engineering Laboratories Real-Time Automation Controller (SEL RTAC)
Web Interface could allow a remote authenticated attacker to execute
arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more
details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://selinc.com/support/security-notifications/external-reports/");
  script_set_attribute(attribute:"see_also", value:"https://www.nozominetworks.com/blog/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-31149");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-2241_rtac_module_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3350_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530-4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3532_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3555_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560s_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/SEL");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/SEL');

var asset = tenable_ot::assets::get(vendor:'SEL');

var vuln_cpes = {
    "cpe:/o:selinc:sel-2241_rtac_module_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3350_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r148-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505-3_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530-4_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3532_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r132-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3555_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r134-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560e_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r144-v2", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560s_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r144-v2", "family" : "Rtac"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

VendorProductVersionCPE
selincsel-2241_rtac_module_firmwarecpe:/o:selinc:sel-2241_rtac_module_firmware
selincsel-3350_firmwarecpe:/o:selinc:sel-3350_firmware
selincsel-3505-3_firmwarecpe:/o:selinc:sel-3505-3_firmware
selincsel-3505_firmwarecpe:/o:selinc:sel-3505_firmware
selincsel-3530-4_firmwarecpe:/o:selinc:sel-3530-4_firmware
selincsel-3530_firmwarecpe:/o:selinc:sel-3530_firmware
selincsel-3532_firmwarecpe:/o:selinc:sel-3532_firmware
selincsel-3555_firmwarecpe:/o:selinc:sel-3555_firmware
selincsel-3560e_firmwarecpe:/o:selinc:sel-3560e_firmware
selincsel-3560s_firmwarecpe:/o:selinc:sel-3560s_firmware

Vendor	Product	CPE
selinc	sel-2241_rtac_module_firmware	cpe:/o:selinc:sel-2241_rtac_module_firmware
selinc	sel-3350_firmware	cpe:/o:selinc:sel-3350_firmware
selinc	sel-3505-3_firmware	cpe:/o:selinc:sel-3505-3_firmware
selinc	sel-3505_firmware	cpe:/o:selinc:sel-3505_firmware
selinc	sel-3530-4_firmware	cpe:/o:selinc:sel-3530-4_firmware
selinc	sel-3530_firmware	cpe:/o:selinc:sel-3530_firmware
selinc	sel-3532_firmware	cpe:/o:selinc:sel-3532_firmware
selinc	sel-3555_firmware	cpe:/o:selinc:sel-3555_firmware
selinc	sel-3560e_firmware	cpe:/o:selinc:sel-3560e_firmware
selinc	sel-3560s_firmware	cpe:/o:selinc:sel-3560s_firmware

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31149

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for TENABLE_OT_SEL_CVE-2023-31149.NASL