Lucene search

HistoryJun 05, 2023 - 12:00 a.m.

Schweitzer Engineering Laboratories RTAC Improper Authentication (CVE-2023-31152)

2023-06-0500:00:00

www.tenable.com

schweitzer engineering laboratories rtac

authentication bypass

improper authentication

cve-2023-31152

sel service bulletin

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.7%

JSON

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501170);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");

  script_cve_id("CVE-2023-31152");

  script_name(english:"Schweitzer Engineering Laboratories RTAC Improper Authentication (CVE-2023-31152)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An Authentication Bypass Using an Alternate Path or Channel
vulnerability in the Schweitzer Engineering Laboratories Real-Time
Automation Controller (SEL RTAC) Web Interface allows Authentication
Bypass. See SEL Service Bulletin dated 2022-11-15 for more details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://selinc.com/support/security-notifications/external-reports/");
  script_set_attribute(attribute:"see_also", value:"https://www.nozominetworks.com/blog/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-31152");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-2241_rtac_module_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3350_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530-4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3532_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3555_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560s_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/SEL");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/SEL');

var asset = tenable_ot::assets::get(vendor:'SEL');

var vuln_cpes = {
    "cpe:/o:selinc:sel-2241_rtac_module_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3350_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r148-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505-3_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530-4_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3532_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3555_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560e_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560s_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r147-v0", "family" : "Rtac"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

VendorProductVersionCPE
selincsel-2241_rtac_module_firmwarecpe:/o:selinc:sel-2241_rtac_module_firmware
selincsel-3350_firmwarecpe:/o:selinc:sel-3350_firmware
selincsel-3505-3_firmwarecpe:/o:selinc:sel-3505-3_firmware
selincsel-3505_firmwarecpe:/o:selinc:sel-3505_firmware
selincsel-3530-4_firmwarecpe:/o:selinc:sel-3530-4_firmware
selincsel-3530_firmwarecpe:/o:selinc:sel-3530_firmware
selincsel-3532_firmwarecpe:/o:selinc:sel-3532_firmware
selincsel-3555_firmwarecpe:/o:selinc:sel-3555_firmware
selincsel-3560e_firmwarecpe:/o:selinc:sel-3560e_firmware
selincsel-3560s_firmwarecpe:/o:selinc:sel-3560s_firmware

Vendor	Product	CPE
selinc	sel-2241_rtac_module_firmware	cpe:/o:selinc:sel-2241_rtac_module_firmware
selinc	sel-3350_firmware	cpe:/o:selinc:sel-3350_firmware
selinc	sel-3505-3_firmware	cpe:/o:selinc:sel-3505-3_firmware
selinc	sel-3505_firmware	cpe:/o:selinc:sel-3505_firmware
selinc	sel-3530-4_firmware	cpe:/o:selinc:sel-3530-4_firmware
selinc	sel-3530_firmware	cpe:/o:selinc:sel-3530_firmware
selinc	sel-3532_firmware	cpe:/o:selinc:sel-3532_firmware
selinc	sel-3555_firmware	cpe:/o:selinc:sel-3555_firmware
selinc	sel-3560e_firmware	cpe:/o:selinc:sel-3560e_firmware
selinc	sel-3560s_firmware	cpe:/o:selinc:sel-3560s_firmware

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31152

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.7%

JSON

Related for TENABLE_OT_SEL_CVE-2023-31152.NASL