Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2020-7487)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500854);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");

  script_cve_id("CVE-2020-7487");

  script_name(english:"Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2020-7487)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A CWE-345: Insufficient Verification of Data Authenticity
vulnerability exists which could allow the attacker to execute
malicious code on the Modicon M218, M241, M251, and M258 controllers.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-105-02");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7487");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(345);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m218_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m241_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m251_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m258_series_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/o:schneider-electric:modicon_m218_series_firmware" :
        {"family" : "ModiconM218"},
    "cpe:/o:schneider-electric:modicon_m241_series_firmware" :
        {"family" : "ModiconM241"},
    "cpe:/o:schneider-electric:modicon_m251_series_firmware" :
        {"family" : "ModiconM251"},
    "cpe:/o:schneider-electric:modicon_m258_series_firmware" :
        {"family" : "ModiconM258"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);