Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2021-20597.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)
2022-02-0700:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.9%
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500550);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/25");
script_cve_id("CVE-2021-20597");
script_name(english:"Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules
(R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to
the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the
target or changing a password.
This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU98578731/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-21-250-01");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-009_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?793f9b44");
script_set_attribute(attribute:"solution", value:
'The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Users of the affected products and versions may take measures through mitigations and workarounds. Mitsubishi Electric
has released the fixed versions for CVE-2021-20594 and CVE-2021-20597 as shown below, but updating the product to the
fixed version is not available.
- MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU:Firmware versions "27" or later
- MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU:Firmware versions "12" or later
Mitsubishi Electric recommends users take the following mitigation measures to minimize the risk of exploiting these
vulnerabilities:
- Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
- Use within a LAN and block access from untrusted networks and hosts through firewalls.
- Use the IP filter function to restrict the accessible IP addresses. MELSEC iQ-R Ethernet User\'s Manual (Application)
1.13 Security "IP filter"
- Register user information or change the password via USB. If you have already registered user information or changed
the user\'s password via the network, change the password once via USB. This mitigation is applicable to CVE-2021-20597
Additional information about these vulnerabilities or Mitsubishi Electric\'s compensating control is available by
contacting a Mitsubishi Electric representative.
Users should refer to Mitsubishi Electric advisories 2021-008,2021-009, and 2021-010 for further details.');
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20597");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(522);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/06");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120sfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r08psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r16psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r32psfcpu_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:r120psfcpu_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:r08sfcpu_firmware" :
{"versionEndIncluding" : "26", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r16sfcpu_firmware" :
{"versionEndIncluding" : "26", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r32sfcpu_firmware" :
{"versionEndIncluding" : "26", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r120sfcpu_firmware" :
{"versionEndIncluding" : "26", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r08psfcpu_firmware" :
{"versionEndIncluding" : "11", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r16psfcpu_firmware" :
{"versionEndIncluding" : "11", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r32psfcpu_firmware" :
{"versionEndIncluding" : "11", "family" : "MELSECiQR"},
"cpe:/o:mitsubishielectric:r120psfcpu_firmware" :
{"versionEndIncluding" : "11", "family" : "MELSECiQR"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mitsubishielectric | r08psfcpu_firmware | cpe:/o:mitsubishielectric:r08psfcpu_firmware | |
| mitsubishielectric | r16sfcpu_firmware | cpe:/o:mitsubishielectric:r16sfcpu_firmware | |
| mitsubishielectric | r08sfcpu_firmware | cpe:/o:mitsubishielectric:r08sfcpu_firmware | |
| mitsubishielectric | r16psfcpu_firmware | cpe:/o:mitsubishielectric:r16psfcpu_firmware | |
| mitsubishielectric | r120sfcpu_firmware | cpe:/o:mitsubishielectric:r120sfcpu_firmware | |
| mitsubishielectric | r120psfcpu_firmware | cpe:/o:mitsubishielectric:r120psfcpu_firmware | |
| mitsubishielectric | r32sfcpu_firmware | cpe:/o:mitsubishielectric:r32sfcpu_firmware | |
| mitsubishielectric | r32psfcpu_firmware | cpe:/o:mitsubishielectric:r32psfcpu_firmware |
Related
nessus
nessus
thn
thn
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
2021-08-05 09:33:00
ics
ics
Mitsubishi Electric MELSEC iQ-R Series (Update B)
2024-04-18 12:00:00
nvd
nvd
CVE-2021-20594
2021-08-06 17:15:07
CVE-2021-20597
2021-08-06 17:15:07
cve
cve
CVE-2021-20594
2021-08-06 17:15:07
CVE-2021-20597
2021-08-06 17:15:07
prion
prion
Design/Logic Flaw
2021-08-06 17:15:00
Design/Logic Flaw
2021-08-06 17:15:00
cvelist
cvelist
CVE-2021-20597
2021-08-06 00:00:00
CVE-2021-20594
2021-08-06 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.9%
Related for TENABLE_OT_MITSUBISHI_CVE-2021-20597.NASL