nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_WESTERMO_CVE-2015-7547.NASL
History: Apr 03, 2024 - 12:00 a.m.

Westermo WeOS Stack-Based Buffer Overflow (CVE-2015-7547)

2024-04-03 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
westermo weos
stack-based buffer overflow
cve-2015-7547
dns query
unauthorized access
tenable.ot
glibc
man-in-the-middle

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.974

Percentile

99.9%

An attacker who successfully masquerades as an upstream DNS server may serve the WeOS device a malicious DNS query response that allows the attacker full unauthorized access to the device. The glibc client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited through attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin metadata. When `description` is set, the block only registers the
# attributes below and then exits, so none of the check logic further down runs
# on that pass.
if (description)
{
  # Plugin identity and revision.
  script_id(502180);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/03");

  # The single CVE this plugin reports on (the glibc getaddrinfo() overflow).
  script_cve_id("CVE-2015-7547");

  script_name(english:"Westermo WeOS Stack-Based Buffer Overflow (CVE-2015-7547)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An attacker that successfully masquerade as an upstream DNS server may serve the WeOS device 
with malicious DNS query response that can allow the attacker full unauthorized access to the device. 
The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the 
getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled 
domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Vendor advisory (westermo_sa_weos_16-03_v1.pdf); the shortened see_also link
  # below presumably resolves to this URL - confirm before relying on it.
  # https://www.westermo.com/us/-/media/Files/Cyber-security/westermo_sa_weos_16-03_v1.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6846b6cb");
  # NOTE(review): the solution text names no fixed release; the remediation
  # target has to be taken from the vendor advisory referenced above.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # CVSS v2 and v3.0 base vectors, each followed by its temporal vector. The
  # temporal parts record proof-of-concept exploit code (E:POC / E:P), an
  # official fix (RL:OF / RL:O) and a confirmed report (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  # The scores are attributed to the CVE record itself.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7547");

  # Exploitability flags shown in scan results.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Disclosure and patch share the date 2016/02/19; the plugin itself was
  # published in 2024.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/03");

  # Declared as a remote plugin scoped to the WeOS operating-system CPE.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:westermo:weos");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Categorised as information gathering, in the Tenable.ot plugin family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: depends on the Tenable.ot API integration plugin
  # and requires the KB key that marks a Westermo asset.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Westermo");

  # Metadata registered; leave before the check logic.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Bail out unless the knowledge base holds the Westermo key that the plugin
# metadata also requires.
get_kb_item_or_exit('Tenable.ot/Westermo');

# Affected WeOS releases, keyed by CPE: 4.12.0 through 4.18.0, both bounds
# inclusive, restricted to the "WestermoLynx" family.
var affected_cpes = {
  "cpe:/o:westermo:weos" : {
    "versionStartIncluding" : "4.12.0",
    "versionEndIncluding" : "4.18.0",
    "family" : "WestermoLynx"
  }
};

# Asset record for the Westermo device, obtained from the Tenable.ot helpers.
var westermo_asset = tenable_ot::assets::get(vendor:'Westermo');

# NOTE(review): no probe of the device is visible in this file. The finding
# appears to rest on matching the asset's recorded version and family against
# the range above, so it is only as accurate as the inventory data - confirm
# the firmware version on the device before acting on a result.
tenable_ot::cve::compare_and_report(
  asset:westermo_asset,
  cpes:affected_cpes,
  severity:SECURITY_WARNING
);
