Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_HONEYWELL_CVE-2023-25178.NASL
HistorySep 05, 2023 - 12:00 a.m.

Honeywell Experion PKS, LX and PlantCruise Insufficient Verification of Data Authenticity (CVE-2023-25178)

2023-09-0500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
honeywell
experion pks
experion lx
plantcruise
insufficient verification
data authenticity
cve-2023-25178
remote code execution
firmware
upgrade
r520.2
security best practices
limited access
backup
security notifications
sn2023-06-22.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Controller may be loaded with malicious firmware which could enable remote code execution

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501611);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2023-25178");

  script_name(english:"Honeywell Experion PKS, LX and PlantCruise Insufficient Verification of Data Authenticity (CVE-2023-25178)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Controller may be loaded with malicious firmware which could enable
remote code execution

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://process.honeywell.com");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Honeywell recommends users upgrade Experion Platforms to version R520.2. Download information includes the following:

- Product: Experion PKS, LX, & PlantCruise
- Version: R520.2
- For instructions on this process: 
    - Go to the Honeywell Website and sign in.
    - Select “Support” at the top of the web page.
    - Select “Product Documents & Downloads.”
    - In the given search box, search for: “Experion PKS R520.2”, “Experion LX R520.2” or “Experion PlantCruise R520.2”
and select the hyperlink for the given Experion platform.

Honeywell advises users to follow security best practices for Experion platform environments to ensure access is limited
to authorized users only. Users should ensure the backup files are maintained in a network location or physical drive
with access limited to authorized users only and should not share them.

Honeywell Security Notifications are available on the Honeywell website. For access, users should visit the Honeywell
website and sign in, select the search icon at the top of the web page, and search for “SN2023-06-22”.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25178");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(345);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:501");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:510");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:511");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:honeywell:c300_firmware:520");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Honeywell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Honeywell');

var asset = tenable_ot::assets::get(vendor:'Honeywell');

var vuln_cpes = {
    "cpe:/o:honeywell:c300_firmware:501" :
        {"versionEndIncluding" : "501.6hf8", "versionStartIncluding" : "501.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:510" :
        {"versionEndIncluding" : "510.2hf12", "versionStartIncluding" : "510.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:511" :
        {"versionEndIncluding" : "511.5tcu3", "versionStartIncluding" : "511.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:520" :
        {"versionEndIncluding" : "520.1tcu4", "versionStartIncluding" : "520.1", "family" : "HoneywellExperion"},
    "cpe:/o:honeywell:c300_firmware:520" :
        {"versionEndIncluding" : "520.2tcu2", "versionStartIncluding" : "520.2", "family" : "HoneywellExperion"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
honeywellc300_firmware501cpe:/o:honeywell:c300_firmware:501
honeywellc300_firmware510cpe:/o:honeywell:c300_firmware:510
honeywellc300_firmware511cpe:/o:honeywell:c300_firmware:511
honeywellc300_firmware520cpe:/o:honeywell:c300_firmware:520

Related

cve 1
nvd 1
prion 1
cvelist 1
ics 1
cve
cve
CVE-2023-25178
2023-07-13 11:15:09
nvd
nvd
CVE-2023-25178
2023-07-13 11:15:09
prion
prion
Remote code execution
2023-07-13 11:15:00
cvelist
cvelist
CVE-2023-25178 Controller design flaw - unsigned firmware
2023-07-13 10:59:16
ics
ics
Honeywell Experion PKS, LX and PlantCruise
2023-07-13 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON
Related for TENABLE_OT_HONEYWELL_CVE-2023-25178.NASL
cve1nvd1prion1cvelist1ics1