Yokogawa CAMS for HIS Violation of Secure Design Principles (CVE-2022-30707)

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500663);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-30707");

  script_name(english:"Yokogawa CAMS for HIS Violation of Secure Design Principles (CVE-2022-30707)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are
CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series
where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series
regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and
R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is
installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully
compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data
from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any
affected machines, or information disclosure/alteration.

  - Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and
    versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to
    R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic
    R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small,
    and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if
    NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and
    B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS
    for HIS software, they can use credentials from the compromised machine to access data from another
    machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on
    any affected machines, or information disclosure/alteration. (CVE-2022-30707)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02");
  script_set_attribute(attribute:"see_also", value:"https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU92819891/index.html");
  script_set_attribute(attribute:"see_also", value:"https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Yokogawa has produced the following mitigations for the affected products:

- CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class): 
    - No software patch will be made available as these products are end-of-life. Upgrade systems to the latest version
of CENTUM VP.
- CENTUM VP (Including CENTUM VP Entry Class): 
    - Versions R4.01.00 through R4.03.00, and R5.01.00 through R5.04.20 
        - No software patch will be made available as these products are end-of-life. Consider upgrading systems to the
latest version of CENTUM VP.
    - Versions R6.01.00 through R6.09.00 
        - Update systems to Version R6.09.00 and apply software patch R6.09.03
- Exaopc: 
    - Update systems to Version R3.80.00 and apply software patch R3.80.01
- B/M9000CS and B/M9000 VP: 
    - These products are not directly affected by the vulnerability. However, these products are affected if CENTUM is
installed on the same PC. If CENTUM is installed, update as described above. Also update B/M9000 to the latest version.

Please see Yokogawa Security Advisory Report YSAR-22-0006 at the following locations for more information:

English

Japanese

For questions related to these mitigations, please contact Yokogawa.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-30707");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_cs_3000_entry_class_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_cs_3000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_entry_class_firmware:r4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_entry_class_firmware:r5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_entry_class_firmware:r6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_firmware:r4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_firmware:r5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:yokogawa:centum_vp_firmware:r6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Yokogawa");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Yokogawa');

var asset = tenable_ot::assets::get(vendor:'Yokogawa');

var vuln_cpes = {
    "cpe:/o:yokogawa:centum_cs_3000_firmware" :
        {"versionEndIncluding" : "r3.09.00", "versionStartIncluding" : "r3.08.10", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_cs_3000_entry_class_firmware" :
        {"versionEndIncluding" : "r3.09.00", "versionStartIncluding" : "r3.08.10", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_firmware:r4" :
        {"versionEndIncluding" : "r4.03.00", "versionStartIncluding" : "r4.01.00", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_firmware:r5" :
        {"versionEndIncluding" : "r5.04.20", "versionStartIncluding" : "r5.01.00", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_firmware:r6" :
        {"versionEndIncluding" : "r6.09.00", "versionStartIncluding" : "r6.01.00", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_entry_class_firmware:r4" :
        {"versionEndIncluding" : "r4.03.00", "versionStartIncluding" : "r4.01.00", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_entry_class_firmware:r5" :
        {"versionEndIncluding" : "r5.04.20", "versionStartIncluding" : "r5.01.00", "family" : "CentumVP"},
    "cpe:/o:yokogawa:centum_vp_entry_class_firmware:r6" :
        {"versionEndIncluding" : "r6.09.00", "versionStartIncluding" : "r6.01.00", "family" : "CentumVP"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);