Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_WAGO_CVE-2022-3738.NASL
HistoryMar 29, 2023 - 12:00 a.m.

Wago Multiple Products Missing Authentication for Critical Function (CVE-2022-3738)

2023-03-2900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
vulnerability
wago
authentication
remote
unauthenticated
attacker
download
backup
sensitive information
credentials
cryptographic material
cve-2022-3738
tenable.ot
ot asset
cpe
firmware

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500917);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");

  script_cve_id("CVE-2022-3738");

  script_name(english:"Wago Multiple Products Missing Authentication for Critical Function (CVE-2022-3738)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The vulnerability allows a remote unauthenticated attacker to download
a backup file, if one exists. That backup file might contain sensitive
information like credentials and cryptographic material. A valid user
has to create a backup after the last reboot for this attack to be
successfull.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en/advisories/VDE-2022-054/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3738");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(306);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:edge_controller_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:pfc100_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:wago:pfc200_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Wago");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Wago');

var asset = tenable_ot::assets::get(vendor:'Wago');

var vuln_cpes = {
    "cpe:/o:wago:pfc100_firmware" :
        {"versionEndIncluding" : "22", "versionStartIncluding" : "16", "family" : "ControllerPFC100"},
    "cpe:/o:wago:pfc200_firmware" :
        {"versionEndIncluding" : "22", "versionStartIncluding" : "16", "family" : "ControllerPFC200"},
    "cpe:/o:wago:edge_controller_firmware" :
        {"versionEndIncluding" : "22", "versionStartIncluding" : "16", "family" : "EdgeController"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
wagoedge_controller_firmwarecpe:/o:wago:edge_controller_firmware
wagopfc100_firmwarecpe:/o:wago:pfc100_firmware
wagopfc200_firmwarecpe:/o:wago:pfc200_firmware

Related

prion 1
nvd 1
cvelist 1
cve 1
prion
prion
Information disclosure
2023-01-19 12:15:00
nvd
nvd
CVE-2022-3738
2023-01-19 12:15:11
cvelist
cvelist
CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products
2023-01-19 11:27:51
cve
cve
CVE-2022-3738
2023-01-19 12:15:11

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON
Related for TENABLE_OT_WAGO_CVE-2022-3738.NASL
prion1nvd1cvelist1cve1