A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability exists on EcoStruxure Machine Expert Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500863);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");
script_cve_id("CVE-2020-7489");
script_name(english:"Schneider Electric EcoStruxure Machine Expert Injection (CVE-2020-7489)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A CWE-74: Improper Neutralization of Special Elements in Output Used
by a Downstream Component ('Injection') vulnerability exists on
EcoStruxure Machine Expert Basic or SoMachine Basic programming
software (versions in security notification). The result of this
vulnerability, DLL substitution, could allow the transference of
malicious code to the controller.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.se.com/ww/en/download/document/SEVD-2020-105-01");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7489");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(74);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/22");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m100_series_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m200_series_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:schneider-electric:modicon_m221_series_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Schneider");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Schneider');
var asset = tenable_ot::assets::get(vendor:'Schneider');
var vuln_cpes = {
"cpe:/o:schneider-electric:modicon_m100_series_firmware" :
{"family" : "ModiconEasyM100"},
"cpe:/o:schneider-electric:modicon_m200_series_firmware" :
{"family" : "ModiconEasyM200"},
"cpe:/o:schneider-electric:modicon_m221_series_firmware" :
{"family" : "ModiconM221"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);