Lucene search

HistoryJun 05, 2023 - 12:00 a.m.

Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2023-31162)

2023-06-0500:00:00

www.tenable.com

schweitzer engineering laboratories

rtac

improper input validation

sel rtac

configuration file

remote attackers

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501183);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/24");

  script_cve_id("CVE-2023-31162");

  script_name(english:"Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2023-31162)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An Improper Input Validation vulnerability in the Schweitzer
Engineering Laboratories Real-Time Automation Controller (SEL RTAC)
Web Interface could allow a remote authenticated attacker to
arbitrarily alter the content of a configuration file. See SEL Service
Bulletin dated 2022-11-15 for more details.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://selinc.com/support/security-notifications/external-reports/");
  script_set_attribute(attribute:"see_also", value:"https://www.nozominetworks.com/blog/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-31162");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-2241_rtac_module_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3350_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505-3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3505_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530-4_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3530_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3532_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3555_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560e_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:selinc:sel-3560s_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/SEL");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/SEL');

var asset = tenable_ot::assets::get(vendor:'SEL');

var vuln_cpes = {
    "cpe:/o:selinc:sel-2241_rtac_module_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3350_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3505-3_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3530-4_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3532_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3555_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560e_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"},
    "cpe:/o:selinc:sel-3560s_firmware" :
        {"versionEndExcluding" : "r150-v2", "versionStartIncluding" : "r149-v0", "family" : "Rtac"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

VendorProductVersionCPE
selincsel-2241_rtac_module_firmwarecpe:/o:selinc:sel-2241_rtac_module_firmware
selincsel-3350_firmwarecpe:/o:selinc:sel-3350_firmware
selincsel-3505-3_firmwarecpe:/o:selinc:sel-3505-3_firmware
selincsel-3505_firmwarecpe:/o:selinc:sel-3505_firmware
selincsel-3530-4_firmwarecpe:/o:selinc:sel-3530-4_firmware
selincsel-3530_firmwarecpe:/o:selinc:sel-3530_firmware
selincsel-3532_firmwarecpe:/o:selinc:sel-3532_firmware
selincsel-3555_firmwarecpe:/o:selinc:sel-3555_firmware
selincsel-3560e_firmwarecpe:/o:selinc:sel-3560e_firmware
selincsel-3560s_firmwarecpe:/o:selinc:sel-3560s_firmware

Vendor	Product	CPE
selinc	sel-2241_rtac_module_firmware	cpe:/o:selinc:sel-2241_rtac_module_firmware
selinc	sel-3350_firmware	cpe:/o:selinc:sel-3350_firmware
selinc	sel-3505-3_firmware	cpe:/o:selinc:sel-3505-3_firmware
selinc	sel-3505_firmware	cpe:/o:selinc:sel-3505_firmware
selinc	sel-3530-4_firmware	cpe:/o:selinc:sel-3530-4_firmware
selinc	sel-3530_firmware	cpe:/o:selinc:sel-3530_firmware
selinc	sel-3532_firmware	cpe:/o:selinc:sel-3532_firmware
selinc	sel-3555_firmware	cpe:/o:selinc:sel-3555_firmware
selinc	sel-3560e_firmware	cpe:/o:selinc:sel-3560e_firmware
selinc	sel-3560s_firmware	cpe:/o:selinc:sel-3560s_firmware

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31162

selinc.com/support/security-notifications/external-reports/

www.nozominetworks.com/blog/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for TENABLE_OT_SEL_CVE-2023-31162.NASL