Rockwell Automation Logix controllers Improper Input Validation (CVE-2022-3752)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500726);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-3752");

  script_name(english:"Rockwell Automation Logix controllers Improper Input Validation (CVE-2022-3752)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"An unauthorized user could use a specially crafted sequence of
Ethernet/IP messages, combined with heavy traffic loading to cause a
denial-of-service condition in Rockwell Automation Logix controllers
resulting in a major non-recoverable fault. If the target device
becomes unavailable, a user would have to clear the fault and
redownload the user project file to bring the device back online and
continue normal operation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df6523e0");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-342-03");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN1609.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e685dacf");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation released firmware versions addressing this vulnerability and recommends users upgrade to the
appropriate version:");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3752");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compact_guardlogix_5380_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compactlogix_5380_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compactlogix_5480_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:compactlogix_5580_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:guardlogix_5580_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:compactlogix_5480_firmware:32" :
        {"versionEndExcluding" : "32.016", "versionStartIncluding" : "32.011", "family" : "CompactLogix5480"},
    "cpe:/o:rockwellautomation:compactlogix_5480_firmware:33" :
        {"versionEndExcluding" : "33.015", "versionStartIncluding" : "33.011", "family" : "CompactLogix5480"},
    "cpe:/o:rockwellautomation:compactlogix_5580_firmware:31" :
        {"versionEndExcluding" : "32.016", "versionStartIncluding" : "31.011", "family" : "CompactLogix"},
    "cpe:/o:rockwellautomation:compactlogix_5580_firmware:33" :
        {"versionEndExcluding" : "33.015", "versionStartIncluding" : "33.011", "family" : "CompactLogix"},
    "cpe:/o:rockwellautomation:guardlogix_5580_firmware:31" :
        {"versionEndExcluding" : "32.016", "versionStartIncluding" : "31.011", "family" : "GuardLogix5580"},
    "cpe:/o:rockwellautomation:guardlogix_5580_firmware:33" :
        {"versionEndExcluding" : "33.015", "versionStartIncluding" : "33.011", "family" : "GuardLogix5580"},
    "cpe:/o:rockwellautomation:compact_guardlogix_5380_firmware:31" :
        {"versionEndExcluding" : "32.016", "versionStartIncluding" : "31.011", "family" : "GuardLogix5380"},
    "cpe:/o:rockwellautomation:compact_guardlogix_5380_firmware:33" :
        {"versionEndExcluding" : "33.015", "versionStartIncluding" : "33.011", "family" : "GuardLogix5380"},
    "cpe:/o:rockwellautomation:compactlogix_5380_firmware:31" :
        {"versionEndExcluding" : "32.016", "versionStartIncluding" : "31.011", "family" : "CompactLogix5380"},
    "cpe:/o:rockwellautomation:compactlogix_5380_firmware:33" :
        {"versionEndExcluding" : "33.015", "versionStartIncluding" : "33.011", "family" : "CompactLogix5380"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);