Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_HANWHAVISION_CVE-2019-12223.NASL
HistoryJun 26, 2024 - 12:00 a.m.

Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)

2024-06-2600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
hanwha vision nvr
cve-2019-12223
buffer overflow
patched firmware
denial of service
remote attack
discontinued models
tenable.ot scanner

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON

The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level.

The listed NVR is vulnerable to allow remote attackers to cause a denial of service (such as system crash and reboot) using buffer overflow. The listed all models are currently discontinued. Nevertheless, Hanwha Techwin have released the patched firmware regarding SRN-472S, 473S, 873S, 1673S, 4000 models.

However, SRN-1000, 1670D, 470D models will not be updated any more due to the date of discontinuation and End Of Life.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502283);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/27");

  script_cve_id("CVE-2019-12223");

  script_name(english:"Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The NVR can be rebooted via external attack continuously if it can be access via 
the public network. During the time, video transmission and recording will not be operated. 
Also, Exploiting the vulnerability is trivial and requires very low skill level. 

The listed NVR is vulnerable to allow remote attackers to cause a denial of service 
(such as system crash and reboot) using buffer overflow. The listed all models are 
currently discontinued. Nevertheless, Hanwha Techwin have released the patched firmware 
regarding SRN-472S, 473S, 873S, 1673S, 4000 models. 

However, SRN-1000, 1670D, 470D models will not be updated any more due to the date of 
discontinuation and End Of Life. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.hanwhavision.com/wp-content/uploads/2021/10/NVR-Vulnerability-Report-CVE-2019-12223_Update.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b75d430b");
  script_set_attribute(attribute:"solution", value:
"SRN-472S, 473S, 873S, 1673S, 4000 models, update NVR immediately with latest firmware. 
As SRN-1000, 1670D, 470D models have no patched firmware, NVR needs to be disconnected 
from the public network or be blocked from untrusted IPs using IP firewall.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12223");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-1000_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-1670d_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-470d_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-1673s_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-873s_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-473s_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-472s_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hanwhavision:srn-4000_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/HanwhaVision");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/HanwhaVision');

var asset = tenable_ot::assets::get(vendor:'HanwhaVision');

var vuln_cpes = {
    "cpe:/o:hanwhavision:srn-1000_firmware" :
        {"family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-1670d_firmware" :
        {"family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-470d_firmware" :
        {"family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-1673s_firmware" :
        {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-873s_firmware" :
        {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-473s_firmware" :
        {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-472s_firmware" :
        {"versionEndIncluding" : "1.16", "family" : "HanwhaVideoRecorders"},
    "cpe:/o:hanwhavision:srn-4000_firmware" :
        {"versionEndIncluding" : "2.20", "family" : "HanwhaVideoRecorders"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Related

cve 1
prion 1
nvd 1
cvelist 1
cve
cve
CVE-2019-12223
2019-09-05 15:15:11
prion
prion
Buffer overflow
2019-09-05 15:15:00
nvd
nvd
CVE-2019-12223
2019-09-05 15:15:11
cvelist
cvelist
CVE-2019-12223
2019-09-05 14:55:03

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

71.1%

JSON
Related for TENABLE_OT_HANWHAVISION_CVE-2019-12223.NASL
cve1prion1nvd1cvelist1