ID

VAR-201611-0391


TITLE

ABB RobotWare Authentication vulnerability

Trust: 0.8

sources: IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // CNVD: CNVD-2016-10593

DESCRIPTION

ABB is a leader in power and automation technology among the world's top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to execute arbitrary code in the context of an affected application. ABB is prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. A remote code-execution vulnerability 3. The following versions are affected: RobotWare 5.x versions prior to 5.15.13, RobotWare 5.6x versions prior to 5.61.07, RobotWare 6.x versions prior to 6.04.00

Trust: 2.43

sources: CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591 // BID: 94034 // IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7 // IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 2.4

sources: IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7 // IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad // CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591

AFFECTED PRODUCTS

vendor: abb model: robotware scope: eq version: 5.x<5.15.13

Trust: 2.4

vendor: abb model: robotware scope: eq version: 5.6x<5.61.07

Trust: 2.4

vendor: abb model: robotware scope: eq version: 6.x<6.04.00

Trust: 2.4

vendor: abb model: robotware scope: eq version: 6.0

Trust: 0.3

vendor: abb model: robotware scope: eq version: 5.60

Trust: 0.3

vendor: abb model: robotware scope: eq version: 5.0

Trust: 0.3

vendor: abb model: robotware scope: ne version: 6.04.00

Trust: 0.3

vendor: abb model: robotware scope: ne version: 5.61.07

Trust: 0.3

vendor: abb model: robotware scope: ne version: 5.15.13

Trust: 0.3

sources: IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7 // IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad // CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591 // BID: 94034

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-10593
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-10592
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-10591
value: MEDIUM

Trust: 0.6

IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49
value: HIGH

Trust: 0.2

IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7
value: MEDIUM

Trust: 0.2

IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad
value: HIGH

Trust: 0.2

CNVD: CNVD-2016-10593
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-10592
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-10591
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7 // IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad // CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591

THREAT TYPE

network

Trust: 0.3

sources: BID: 94034

TYPE

Unknown

Trust: 0.3

sources: BID: 94034

PATCH

title: Patch for ABB RobotWare Authentication Vulnerability url: https://www.cnvd.org.cn/patchinfo/show/83511

Trust: 0.6

title: Patch for ABB RobotWare Remote Code Execution Vulnerability url: https://www.cnvd.org.cn/patchinfo/show/83509

Trust: 0.6

title: ABB RobotWare has multiple patches for buffer overflow vulnerabilities url: https://www.cnvd.org.cn/patchinfo/show/83508

Trust: 0.6

sources: CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591

EXTERNAL IDS

db: BID id: 94034

Trust: 2.1

db: CNVD id: CNVD-2016-10593

Trust: 0.8

db: CNVD id: CNVD-2016-10591

Trust: 0.8

db: CNVD id: CNVD-2016-10592

Trust: 0.8

db: IVD id: 14BAA0DB-8F92-4DCE-A76C-1B9498A20B49

Trust: 0.2

db: IVD id: 300C7966-AFA9-497E-B43B-BEEB7F4ABCF7

Trust: 0.2

db: IVD id: 8E4EF4C6-6BD1-40E1-A98F-7A82E8E3BBAD

Trust: 0.2

sources: IVD: 14baa0db-8f92-4dce-a76c-1b9498a20b49 // IVD: 300c7966-afa9-497e-b43b-beeb7f4abcf7 // IVD: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad // CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591 // BID: 94034

REFERENCES

url:http://www.securityfocus.com/bid/94034

Trust: 1.2

url:http://www.securityfocus.com/bid/94034/

Trust: 0.6

url:http://www.abb.com/

Trust: 0.3

url:https://library.e.abb.com/public/09da4d2b396841f6911ba1b06178fcb9/si20107%20-%20advisory%20for%20multiple%20vulnerabilities%20in%20abb%20robotware.pdf

Trust: 0.3

sources: CNVD: CNVD-2016-10593 // CNVD: CNVD-2016-10592 // CNVD: CNVD-2016-10591 // BID: 94034

CREDITS

Davide Quarta, Marcello Pogliani, Mario Polino and Stefano Zanero from Politecnico di Milano.

Trust: 0.3

sources: BID: 94034

SOURCES

db: IVD id: 14baa0db-8f92-4dce-a76c-1b9498a20b49
db: IVD id: 300c7966-afa9-497e-b43b-beeb7f4abcf7
db: IVD id: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad
db: CNVD id: CNVD-2016-10593
db: CNVD id: CNVD-2016-10592
db: CNVD id: CNVD-2016-10591
db: BID id: 94034

LAST UPDATE DATE

2022-05-17T01:41:08.878000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2016-10593 date: 2016-11-04T00:00:00
db: CNVD id: CNVD-2016-10592 date: 2016-11-04T00:00:00
db: CNVD id: CNVD-2016-10591 date: 2016-11-04T00:00:00
db: BID id: 94034 date: 2016-11-24T01:07:00

SOURCES RELEASE DATE

db: IVD id: 14baa0db-8f92-4dce-a76c-1b9498a20b49 date: 2016-11-04T00:00:00
db: IVD id: 300c7966-afa9-497e-b43b-beeb7f4abcf7 date: 2016-11-04T00:00:00
db: IVD id: 8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad date: 2016-11-04T00:00:00
db: CNVD id: CNVD-2016-10593 date: 2016-11-04T00:00:00
db: CNVD id: CNVD-2016-10592 date: 2016-11-04T00:00:00
db: CNVD id: CNVD-2016-10591 date: 2016-11-04T00:00:00
db: BID id: 94034 date: 2016-11-01T00:00:00