Wago PFC 200 Web-Based Management Code Execution (CVE-2020-6090)

2023-02-1300:00:00

www.tenable.com

wago

pfc 200

web-based management

code execution

cve-2020-6090

tenable.ot

http request

remote code execution

vulnerability

wago pfc 200 03.03.10(15)

authenticated

0.003 Low

EPSS

Percentile

66.4%

JSON

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500800);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");

  script_cve_id("CVE-2020-6090");

  script_name(english:"Wago PFC 200 Web-Based Management Code Execution (CVE-2020-6090)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An exploitable code execution vulnerability exists in the Web-Based
Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A
specially crafted series of HTTP requests can cause code execution
resulting in remote code execution. An attacker can make an
authenticated HTTP request to trigger this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1010");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-6090");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(345);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:pfc200_firmware:03.03.10%2815%29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Wago");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Wago');

var asset = tenable_ot::assets::get(vendor:'Wago');

var vuln_cpes = {
    "cpe:/o:wago:pfc200_firmware:03.03.10%2815%29" :
        {"versionEndIncluding" : "03.03.10\(15\)", "versionStartIncluding" : "03.03.10\(15\)", "family" : "ControllerPFC200"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

VendorProductVersionCPE
wagopfc200_firmware03.03.10%2815%29cpe:/o:wago:pfc200_firmware:03.03.10%2815%29

Vendor	Product	Version	CPE
wago	pfc200_firmware	03.03.10%2815%29	cpe:/o:wago:pfc200_firmware:03.03.10%2815%29

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6090

talosintelligence.com/vulnerability_reports/TALOS-2020-1010

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for TENABLE_OT_WAGO_CVE-2020-6090.NASL