Hanwha Vision Cameras Uncaught Exception (CVE-2023-5038)

Severity: High. Tenable OT Security Plugin ID 502294

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A flaw that allows an unauthenticated DoS attack exists on Hanwha Vision cameras. When an attacker runs a crafted URL, nobody can access the web management page of the camera, and the device must be manually restarted or re-powered. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?9c376c86

Plugin Details

Severity: High

ID: 502294

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 7/9/2024

Updated: 7/10/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-5038

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:hanwhavision:xno-9083r_firmware, cpe:/o:hanwhavision:pnm-9085rqz_firmware, cpe:/o:hanwhavision:pnm-9084rqz1_firmware, cpe:/o:hanwhavision:qno-6022r_firmware, cpe:/o:hanwhavision:xnp-c6403_firmware, cpe:/o:hanwhavision:qnv-6022r_firmware, cpe:/o:hanwhavision:xnf-9010rs_firmware, cpe:/o:hanwhavision:pnm-9084qz1_firmware, cpe:/o:hanwhavision:qnd-7012r_firmware, cpe:/o:hanwhavision:qno-6032r_firmware, cpe:/o:hanwhavision:ano-l6022r_firmware, cpe:/o:hanwhavision:ane-l7012r_firmware, cpe:/o:hanwhavision:qne-8011r_firmware, cpe:/o:hanwhavision:qno-8080r_firmware, cpe:/o:hanwhavision:xnd-c8083rv_firmware, cpe:/o:hanwhavision:qnd-8020r_firmware, cpe:/o:hanwhavision:pnm-c9022rv_firmware, cpe:/o:hanwhavision:anv-l6012r_firmware, cpe:/o:hanwhavision:qnv-8020r_firmware, cpe:/o:hanwhavision:xno-6083r_firmware, cpe:/o:hanwhavision:xnv-8083z_firmware, cpe:/o:hanwhavision:qnv-8030r_firmware, cpe:/o:hanwhavision:qno-6012r_firmware, cpe:/o:hanwhavision:qnd-6021_firmware, cpe:/o:hanwhavision:ano-l6012r_firmware, cpe:/o:hanwhavision:xnp-c8253r_firmware, cpe:/o:hanwhavision:qno-8030r_firmware, cpe:/o:hanwhavision:qnd-8011_firmware, cpe:/o:hanwhavision:xnv-c7083r_firmware, cpe:/o:hanwhavision:qno-8020r_firmware, cpe:/o:hanwhavision:qnd-6082r_firmware, cpe:/o:hanwhavision:qnv-6012r_firmware, cpe:/o:hanwhavision:qnd-6012r_firmware, cpe:/o:hanwhavision:xnd-9083rv_firmware, cpe:/o:hanwhavision:ano-l7082r_firmware, cpe:/o:hanwhavision:xnv-c9083r_firmware, cpe:/o:hanwhavision:anv-l7082r_firmware, cpe:/o:hanwhavision:qno-6014r_firmware, cpe:/o:hanwhavision:qnd-6032r_firmware, cpe:/o:hanwhavision:xnb-9002_firmware, cpe:/o:hanwhavision:xnp-c9303rw_firmware, cpe:/o:hanwhavision:anv-l6082r_firmware, cpe:/o:hanwhavision:pnm-9322vqp_firmware, cpe:/o:hanwhavision:ano-l7022r_firmware, cpe:/o:hanwhavision:qnv-6023r_firmware, cpe:/o:hanwhavision:qnv-8080r_firmware, cpe:/o:hanwhavision:qnd-8021_firmware, cpe:/o:hanwhavision:lnd-6072r_firmware, cpe:/o:hanwhavision:qnv-7022r_firmware, 
cpe:/o:hanwhavision:xnd-8083rv_firmware, cpe:/o:hanwhavision:lno-6032r_firmware, cpe:/o:hanwhavision:lno-6072r_firmware, cpe:/o:hanwhavision:qnd-8030r_firmware, cpe:/o:hanwhavision:xnp-c6403r_firmware, cpe:/o:hanwhavision:anv-l6023r_firmware, cpe:/o:hanwhavision:xnv-6083rz_firmware, cpe:/o:hanwhavision:ane-l6012r_firmware, cpe:/o:hanwhavision:pnm-12082rvd_firmware, cpe:/o:hanwhavision:qnv-6032r_firmware, cpe:/o:hanwhavision:xnp-8250_firmware, cpe:/o:hanwhavision:qno-8010r_firmware, cpe:/o:hanwhavision:anv-l7012r_firmware, cpe:/o:hanwhavision:lno-6022r_firmware, cpe:/o:hanwhavision:qnd-6011_firmware, cpe:/o:hanwhavision:xnp-c8303rw_firmware, cpe:/o:hanwhavision:tnv-c7013rc_firmware, cpe:/o:hanwhavision:xnp-c9253r_firmware, cpe:/o:hanwhavision:xnd-9082rf_firmware, cpe:/o:hanwhavision:xnv-c6083_firmware, cpe:/o:hanwhavision:qnv-6014r_firmware, cpe:/o:hanwhavision:xnv-6123r_firmware, cpe:/o:hanwhavision:qnd-7082r_firmware, cpe:/o:hanwhavision:xnv-6083z_firmware, cpe:/o:hanwhavision:qnv-7032r_firmware, cpe:/o:hanwhavision:xnd-c6083rv_firmware, cpe:/o:hanwhavision:xno-c9083r_firmware, cpe:/o:hanwhavision:xnd-9082rv_firmware, cpe:/o:hanwhavision:qno-7022r_firmware, cpe:/o:hanwhavision:xnp-c8253_firmware, cpe:/o:hanwhavision:pnm-9022v_firmware, cpe:/o:hanwhavision:qnv-6072r_firmware, cpe:/o:hanwhavision:qno-6083r_firmware, cpe:/o:hanwhavision:qnd-6072r1_firmware, cpe:/o:hanwhavision:xnp-c6403rw_firmware, cpe:/o:hanwhavision:pnm-9084qz_firmware, cpe:/o:hanwhavision:qno-6012r1_firmware, cpe:/o:hanwhavision:lnv-6072r_firmware, cpe:/o:hanwhavision:xnv-6083r_firmware, cpe:/o:hanwhavision:qnd-7032r_firmware, cpe:/o:hanwhavision:qnd-6082r1_firmware, cpe:/o:hanwhavision:xnv-9083rz_firmware, cpe:/o:hanwhavision:qnv-6012r1_firmware, cpe:/o:hanwhavision:pnm-9000qb_firmware, cpe:/o:hanwhavision:qnv-7082r_firmware, cpe:/o:hanwhavision:qnd-6012r1_firmware, cpe:/o:hanwhavision:xnd-c7083rv_firmware, cpe:/o:hanwhavision:lno-6012r_firmware, cpe:/o:hanwhavision:xnv-9083r_firmware, 
cpe:/o:hanwhavision:xnf-9010rv_firmware, cpe:/o:hanwhavision:qnv-6083r_firmware, cpe:/o:hanwhavision:pnm-9084rqz_firmware, cpe:/o:hanwhavision:ano-l7012r_firmware, cpe:/o:hanwhavision:lnv-6032r_firmware, cpe:/o:hanwhavision:pnm-7002vd_firmware, cpe:/o:hanwhavision:qno-6082r_firmware, cpe:/o:hanwhavision:xno-8083r_firmware, cpe:/o:hanwhavision:xno-c7083r_firmware, cpe:/o:hanwhavision:qnd-6022r1_firmware, cpe:/o:hanwhavision:xnp-9250_firmware, cpe:/o:hanwhavision:ano-l6082r_firmware, cpe:/o:hanwhavision:qno-6072r_firmware, cpe:/o:hanwhavision:qnv-6022r1_firmware, cpe:/o:hanwhavision:xnv-9082r_firmware, cpe:/o:hanwhavision:qnd-6073r_firmware, cpe:/o:hanwhavision:xnf-9013rv_firmware, cpe:/o:hanwhavision:xno-8082r_firmware, cpe:/o:hanwhavision:lnd-6022r_firmware, cpe:/o:hanwhavision:xno-9082r_firmware, cpe:/o:hanwhavision:lnv-6022r_firmware, cpe:/o:hanwhavision:qno-6082r1_firmware, cpe:/o:hanwhavision:xnp-6400r_firmware, cpe:/o:hanwhavision:pnm-9031rv_firmware, cpe:/o:hanwhavision:xnb-9003_firmware, cpe:/o:hanwhavision:xnv-8083rz_firmware, cpe:/o:hanwhavision:qnv-8010r_firmware, cpe:/o:hanwhavision:qnd-7022r_firmware, cpe:/o:hanwhavision:xnd-c9083rv_firmware, cpe:/o:hanwhavision:qnv-6082r_firmware, cpe:/o:hanwhavision:xnd-8082rv_firmware, cpe:/o:hanwhavision:lnd-6032r_firmware, cpe:/o:hanwhavision:qno-6073r_firmware, cpe:/o:hanwhavision:qnv-6072r1_firmware, cpe:/o:hanwhavision:qno-7082r_firmware, cpe:/o:hanwhavision:xnb-6003_firmware, cpe:/o:hanwhavision:xnp-9250r_firmware, cpe:/o:hanwhavision:qnv-6032r1_firmware, cpe:/o:hanwhavision:xnv-c8083r_firmware, cpe:/o:hanwhavision:xnp-9300rw_firmware, cpe:/o:hanwhavision:qnv-7012r_firmware, cpe:/o:hanwhavision:xnv-8093r_firmware, cpe:/o:hanwhavision:qno-7032r_firmware, cpe:/o:hanwhavision:qnv-6082r1_firmware, cpe:/o:hanwhavision:xnp-8300rw_firmware, cpe:/o:hanwhavision:lnv-6012r_firmware, cpe:/o:hanwhavision:qno-7012r_firmware, cpe:/o:hanwhavision:xnp-6400rw_firmware, cpe:/o:hanwhavision:xnb-8002_firmware, 
cpe:/o:hanwhavision:xnb-8003_firmware, cpe:/o:hanwhavision:xno-6123r_firmware, cpe:/o:hanwhavision:qnd-8010r_firmware, cpe:/o:hanwhavision:qno-6072r1_firmware, cpe:/o:hanwhavision:xnv-c6083r_firmware, cpe:/o:hanwhavision:qnd-6083r_firmware, cpe:/o:hanwhavision:pnm-8082vt_firmware, cpe:/o:hanwhavision:xnp-6400_firmware, cpe:/o:hanwhavision:qnv-6084r_firmware, cpe:/o:hanwhavision:xno-c6083r_firmware, cpe:/o:hanwhavision:xnv-8083r_firmware, cpe:/o:hanwhavision:qno-6022r1_firmware, cpe:/o:hanwhavision:qnd-8080r_firmware, cpe:/o:hanwhavision:xnp-c9253_firmware, cpe:/o:hanwhavision:pnm-9085rqz1_firmware, cpe:/o:hanwhavision:qnd-6022r_firmware, cpe:/o:hanwhavision:xnp-8250r_firmware, cpe:/o:hanwhavision:qnv-6073r_firmware, cpe:/o:hanwhavision:qno-6032r1_firmware, cpe:/o:hanwhavision:xnd-8082rf_firmware, cpe:/o:hanwhavision:pnm-7082rvd_firmware, cpe:/o:hanwhavision:lnd-6012r_firmware, cpe:/o:hanwhavision:xno-c8083r_firmware, cpe:/o:hanwhavision:xnv-8082r_firmware, cpe:/o:hanwhavision:qnb-8002_firmware, cpe:/o:hanwhavision:xnp-c9310r_firmware, cpe:/o:hanwhavision:xnb-6002_firmware, cpe:/o:hanwhavision:xnd-6083rv_firmware, cpe:/o:hanwhavision:qne-8021r_firmware, cpe:/o:hanwhavision:qnv-6024rm_firmware, cpe:/o:hanwhavision:xnd-8093rv_firmware, cpe:/o:hanwhavision:xnf-9010rvm_firmware, cpe:/o:hanwhavision:qnd-6032r1_firmware, cpe:/o:hanwhavision:qnd-6072r_firmware, cpe:/o:hanwhavision:pnm-9002vq_firmware, cpe:/o:hanwhavision:qno-6084r_firmware

Required KB Items: Tenable.ot/HanwhaVision

Exploit Ease: No known exploits are available

Patch Publication Date: 6/25/2024

Vulnerability Publication Date: 6/25/2024

Reference Information

CVE: CVE-2023-5038

CWE: 248, 703