Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_ABB_CVE-2021-22284.NASLHistoryMar 29, 2023 - 12:00 a.m.
ABB OPC Server for Incorrect Permission Assignment for Critical Resource (CVE-2021-22284)
2023-03-2900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
vulnerability
abb
opc server
permission assignment
arbitrary code
tenable.ot
ac 800m
critical resource
0.001 Low
EPSS
Percentile
43.3%
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500938);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");
script_cve_id("CVE-2021-22284");
script_name(english:"ABB OPC Server for Incorrect Permission Assignment for Critical Resource (CVE-2021-22284)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Incorrect Permission Assignment for Critical Resource vulnerability in
OPC Server for AC 800M allows an attacker to execute arbitrary code in
the node running the AC800M OPC Server.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://search.abb.com/library/Download.aspx?DocumentID=7PAA000908&LanguageCode=en&DocumentPartId=&Action=Launch
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ffdacf7");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22284");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(732);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/04");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:abb:opc_server_for_ac_800m");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/ABB");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/ABB');
var asset = tenable_ot::assets::get(vendor:'ABB');
var vuln_cpes = {
"cpe:/a:abb:opc_server_for_ac_800m" :
{"versionEndExcluding" : "6.0.0-4", "versionStartIncluding" : "5.1.0-0", "family" : "AbbAC800M"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| abb | opc_server_for_ac_800m | cpe:/a:abb:opc_server_for_ac_800m |
Related
cve
cve
CVE-2021-22284
2022-02-04 23:15:10
ics
ics
ABB OPC Server for AC 800M
2022-04-05 12:00:00
prion
prion
Code injection
2022-02-04 23:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-22284
2022-02-04 23:15:10