ID

VAR-201311-0452


TITLE

ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability

Trust: 1.7

sources: IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14743 // BID: 63904 // CNNVD: CNNVD-201311-435

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code in the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. An attacker can construct a malicious web page which, once parsed by the victim's browser, allows arbitrary files to be written to any location on the system. ABB Test Signal Viewer is a software product of the Swiss company ABB, used mainly to optimize and tune the axis speed of ABB robots and to monitor robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions.

Trust: 2.88

sources: ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744 // CNNVD: CNNVD-201311-435 // BID: 63904 // IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.6

sources: IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744

AFFECTED PRODUCTS

vendor: abb | model: test signal viewer | scope: eq | version: 1.x

Trust: 0.8

vendor: abb | model: robotware | scope: eq | version: 5.x

Trust: 0.8

vendor: abb | model: robotstudio | scope: - | version: -

Trust: 0.7

vendor: abb | model: test signal viewer | scope: eq | version: 1.4

Trust: 0.3

vendor: abb | model: robotstudio | scope: eq | version: 5.15.02

Trust: 0.3

vendor: abb | model: test signal viewer | scope: ne | version: 1.5

Trust: 0.3

vendor: abb | model: robotstudio | scope: ne | version: 5.15.03

Trust: 0.3

sources: IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744 // BID: 63904

CVSS

SEVERITY

ZDI: ZDI-13-253
value: HIGH

Trust: 0.7

CNVD: CNVD-2013-14743
value: HIGH

Trust: 0.6

CNVD: CNVD-2013-14744
value: HIGH

Trust: 0.6

IVD: 555598f6-1efb-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CVSSV2

ZDI: ZDI-13-253
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2013-14743
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2013-14744
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 555598f6-1efb-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-435

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201311-435

PATCH

title: ABB has issued an update to correct this vulnerability.
url: http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf

Trust: 0.7

title: ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch
url: https://www.cnvd.org.cn/patchinfo/show/41340

Trust: 0.6

title: ABB RobotWare CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch
url: https://www.cnvd.org.cn/patchinfo/show/41341

Trust: 0.6

sources: ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744

EXTERNAL IDS

db: ZDI | id: ZDI-13-253

Trust: 1.6

db: BID | id: 63904

Trust: 1.5

db: CNVD | id: CNVD-2013-14743

Trust: 0.8

db: CNVD | id: CNVD-2013-14744

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-1834

Trust: 0.7

db: CNNVD | id: CNNVD-201311-435

Trust: 0.6

db: IVD | id: 555598F6-1EFB-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD | id: 574F7F8C-1EFB-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 555598f6-1efb-11e6-abef-000c29c66e3d // IVD: 574f7f8c-1efb-11e6-abef-000c29c66e3d // ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744 // BID: 63904 // CNNVD: CNNVD-201311-435

REFERENCES

url: http://www.securityfocus.com/bid/63904

Trust: 1.2

url: http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf

Trust: 1.0

url: http://www.zerodayinitiative.com/advisories/zdi-13-253/

Trust: 0.9

url: http://www.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/

Trust: 0.6

url: http://new.abb.com/products/robotics/robotstudio

Trust: 0.3

sources: ZDI: ZDI-13-253 // CNVD: CNVD-2013-14743 // CNVD: CNVD-2013-14744 // BID: 63904 // CNNVD: CNNVD-201311-435

CREDITS

Andrea Micalizzi

Trust: 0.9

sources: BID: 63904 // CNNVD: CNNVD-201311-435

SOURCES

db: IVD | id: 555598f6-1efb-11e6-abef-000c29c66e3d
db: IVD | id: 574f7f8c-1efb-11e6-abef-000c29c66e3d
db: ZDI | id: ZDI-13-253
db: CNVD | id: CNVD-2013-14743
db: CNVD | id: CNVD-2013-14744
db: BID | id: 63904
db: CNNVD | id: CNNVD-201311-435

LAST UPDATE DATE

2022-05-17T02:00:03.152000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-13-253 | date: 2013-11-24T00:00:00
db: CNVD | id: CNVD-2013-14743 | date: 2013-11-27T00:00:00
db: CNVD | id: CNVD-2013-14744 | date: 2013-11-27T00:00:00
db: BID | id: 63904 | date: 2013-11-24T00:00:00
db: CNNVD | id: CNNVD-201311-435 | date: 2013-12-23T00:00:00

SOURCES RELEASE DATE

db: IVD | id: 555598f6-1efb-11e6-abef-000c29c66e3d | date: 2013-11-27T00:00:00
db: IVD | id: 574f7f8c-1efb-11e6-abef-000c29c66e3d | date: 2013-11-27T00:00:00
db: ZDI | id: ZDI-13-253 | date: 2013-11-24T00:00:00
db: CNVD | id: CNVD-2013-14743 | date: 2013-11-27T00:00:00
db: CNVD | id: CNVD-2013-14744 | date: 2013-11-27T00:00:00
db: BID | id: 63904 | date: 2013-11-24T00:00:00
db: CNNVD | id: CNNVD-201311-435 | date: 2013-11-24T00:00:00