CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501604);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2023-2072");
script_name(english:"Rockwell Automation PowerMonitor 1000 Improper Neutralization of Input During Web Page Generation (CVE-2023-2072)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The Rockwell Automation PowerMonitor 1000 contains stored cross-site
scripting vulnerabilities within the web page of the product. The
vulnerable pages do not require privileges to access and can be
injected with code by an attacker which could be used to leverage an
attack on an authenticated user resulting in remote code execution and
potentially the complete loss of confidentiality, integrity, and
availability of the product.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c96c0ea0");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05");
# https://www.rockwellautomation.com/en-us/support/advisory.PN1631.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?af1d183c");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation has released the following mitigations and workarounds. Customers using the affected software are
encouraged to apply the risk mitigation below, if possible. Additionally, we encourage customers to implement our
suggested security best practices to minimize the potential risk of the vulnerability.
- Upgrade to V4.019 which has been patched to mitigate these issues.
- Rockwell Automation encourages users to implement their suggested security best practices to minimize risk of the
vulnerability.
For more information, see Rockwell Automationรขยยs Security Advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2072");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(79);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:powermonitor_1000_firmware:-");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/o:rockwellautomation:powermonitor_1000_firmware:-" :
{"versionEndExcluding": "4.019", "versionStartIncluding": "4.011", "family" : "PowerMonitor1000"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
58.1%