Moxa MGate Authentication Bypass (CVE-2016-5804)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501520);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/03");

  script_cve_id("CVE-2016-5804");

  script_name(english:"Moxa MGate Authentication Bypass (CVE-2016-5804)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480
before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use
weak encryption, which allows remote attackers to bypass
authentication via a brute-force series of guesses for a parameter
value.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5804");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(326);

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3170_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3180_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3270_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3280_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:moxa:mgate_mb3480_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Moxa");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Moxa');

var asset = tenable_ot::assets::get(vendor:'Moxa');

var vuln_cpes = {
    "cpe:/o:moxa:mgate_mb3180_firmware" :
        {"versionEndExcluding" : "1.8", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3280_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3480_firmware" :
        {"versionEndExcluding" : "2.6", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3170_firmware" :
        {"versionEndExcluding" : "2.5", "family" : "MoxaMGate"},
    "cpe:/o:moxa:mgate_mb3270_firmware" :
        {"versionEndExcluding" : "2.7", "family" : "MoxaMGate"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);