Search criteria
10 vulnerabilities found for robotstudio by abb
VAR-201204-0126
Vulnerability from variot - Updated: 2023-12-18 13:57Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. ABB is a leader in power and automation technology among the world's top 500 companies. ABB's multiple products include COM and ActiveX controls that do not adequately check user input data, and an attacker builds a malicious WEB page, convincing the user to parse, spilling the stack pointer or causing control to stop. Multiple ABB products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control (typically Internet Explorer). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: ABB Multiple Products ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA48693
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48693/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48693
RELEASE DATE: 2012-04-05
DISCUSS ADVISORY: http://secunia.com/advisories/48693/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48693/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48693
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in various ABB products, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in an unspecified ActiveX control and can be exploited to cause a stack-based buffer overflow.
Successful exploitation may allow execution of arbitrary code. Instead, set the kill-bit for the affected ActiveX control (contact the vendor for more information).
PROVIDED AND/OR DISCOVERED BY: Terry McCorkle and Billy Rios
ORIGINAL ADVISORY: ABB-VU-DMRO-41532: http://www.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf
ICSA-12-095-01: http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interlink module",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "quickteach",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "robotstudio s4",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "robotstudio lite",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "webware sdk",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "s4 opc server",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "s4 opc server",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "quickteach",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.0"
},
{
"model": "webware server",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.6"
},
{
"model": "webware server",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.91"
},
{
"model": "webware sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.6"
},
{
"model": "webware sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.9"
},
{
"model": "robotstudio s4",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "0"
},
{
"model": "robotstudio lite",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "0"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "5.14.01"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "5.14.02"
},
{
"model": "interlink module",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.6"
},
{
"model": "interlink module",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "4.9"
},
{
"model": "interlink module",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "robotstudio lite",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "robotstudio s4",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "webware sdk",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "webware sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "s4 opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "quickteach",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "interlink module",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "interlink module",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "quickteach",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio lite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio s4",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "s4 opc server",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webware sdk",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webware server",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "BID",
"id": "52888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:s4_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:quickteach:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio_lite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio_s4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1801"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Terry McCorkle and Billy Rios",
"sources": [
{
"db": "BID",
"id": "52888"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-1801",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-55082",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1801",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-021",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-55082",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. ABB is a leader in power and automation technology among the world\u0027s top 500 companies. ABB\u0027s multiple products include COM and ActiveX controls that do not adequately check user input data, and an attacker builds a malicious WEB page, convincing the user to parse, spilling the stack pointer or causing control to stop. Multiple ABB products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control (typically Internet Explorer). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nABB Multiple Products ActiveX Control Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA48693\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48693/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48693\n\nRELEASE DATE:\n2012-04-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48693/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48693/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48693\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in various ABB products, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in an unspecified ActiveX\ncontrol and can be exploited to cause a stack-based buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. Instead, set the kill-bit for the\naffected ActiveX control (contact the vendor for more information). \n\nPROVIDED AND/OR DISCOVERED BY:\nTerry McCorkle and Billy Rios\n\nORIGINAL ADVISORY:\nABB-VU-DMRO-41532:\nhttp://www.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf\n\nICSA-12-095-01:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "BID",
"id": "52888"
},
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "PACKETSTORM",
"id": "111606"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1801",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-095-01A",
"trust": 2.5
},
{
"db": "BID",
"id": "52888",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48693",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-12-095-01",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-1780",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19296",
"trust": 0.6
},
{
"db": "IVD",
"id": "F0E62F68-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55082",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111606",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "BID",
"id": "52888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "PACKETSTORM",
"id": "111606"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"id": "VAR-201204-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "VULHUB",
"id": "VHN-55082"
}
],
"trust": 1.4885416624999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
}
]
},
"last_update_date": "2023-12-18T13:57:54.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB-VU-DMRO-41532",
"trust": 0.8,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/si10231a2%20rev%200.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-095-01a.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52888"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48693"
},
{
"trust": 1.0,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-095-01.pdf"
},
{
"trust": 1.0,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/%24file/si10231a2%20rev%200.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1801"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1801"
},
{
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/si10231a2%20rev%200.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19296"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48693"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48693/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48693/#comments"
},
{
"trust": 0.1,
"url": "http://www.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/si10231a2%20rev%200.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "BID",
"id": "52888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "PACKETSTORM",
"id": "111606"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"db": "VULHUB",
"id": "VHN-55082"
},
{
"db": "BID",
"id": "52888"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"db": "PACKETSTORM",
"id": "111606"
},
{
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-09T00:00:00",
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"date": "2012-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-55082"
},
{
"date": "2012-04-04T00:00:00",
"db": "BID",
"id": "52888"
},
{
"date": "2012-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"date": "2012-04-05T05:30:16",
"db": "PACKETSTORM",
"id": "111606"
},
{
"date": "2012-04-18T10:33:35.417000",
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"date": "2012-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1780"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-55082"
},
{
"date": "2012-04-04T00:00:00",
"db": "BID",
"id": "52888"
},
{
"date": "2012-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002095"
},
{
"date": "2023-11-07T02:10:20.220000",
"db": "NVD",
"id": "CVE-2012-1801"
},
{
"date": "2012-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABB Product stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "f0e62f68-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-021"
}
],
"trust": 0.8
}
}
VAR-201203-0282
Vulnerability from variot - Updated: 2023-12-18 13:34Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem). ABB WebWare Server is a software product used primarily for production data control. RobNetScanHost.exe provided by ABB WebWare Server has security flaws. ABB WebWare Server is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
TITLE: ABB Multiple Products RobNetScanHost.exe Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA48090
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48090
RELEASE DATE: 2012-02-23
DISCUSS ADVISORY: http://secunia.com/advisories/48090/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48090/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48090
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in multiple ABB products, which can be exploited by malicious people to compromise a vulnerable system. * PickMaster 3 version 3.3 and prior. * PickMaster 5 version 5.13 and prior. * WebWare SDK and ABB Interlink Module versions 4.6 through 4.9. * WebWare Server versions 4.6 through 4.91.
SOLUTION: Update to a fixed version or apply patch (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma via ZDI.
ORIGINAL ADVISORY: ABB: http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-12-033/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-033 February 22, 2012
-
-- CVE ID:
-
-- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C
-
-- Affected Vendors:
ABB
- -- Affected Products:
ABB WebWare
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11594.
-
-- Vendor Response:
ABB has issued an update to correct this vulnerability. More details can be found at:
http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf
- -- Disclosure Timeline: 2011-10-10 - Vulnerability reported to vendor
2012-02-22 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Luigi Auriemma
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJPRUiZAAoJEFVtgMGTo1sc9REIAKdxGGjQNRsQBQh7OZ3Bbfz2 vbul36hrqRdCxEmV++F5LcoFSpXmRx7Wjc6FHcUKkGGbRQ7+I9zjAi4CzwubSjCY zk+G0v324lSwQ7be6bxp5kGl5UTjVDczlfyjG2K2QSPBitz/RpkhpaTDXJcBALLR lx8KOxgAT9TGEodE5pjG2R2eCeDgrV34q5+xu3hdMQYWgvdYqoL39OHw/7QMjIOT NO1hYzGpadTcRuXwDzkpsJi+Gx03DinnlJ1VjUaXPfdbnN7IpGoON7yaYkjXDBVf NHA2pvKBl0mRjevIy/uQqJpsG8KC4eR5pHdl/lTKV61vb45zAyewDo5EM9xl6J0= =DeOF -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interlink module",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "robview 5",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "pc sdk",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "webware sdk",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "pickmaster 5",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "irc5 opc server",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "pickmaster 3",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": null
},
{
"model": "webware server",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "robot communications runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.14.01"
},
{
"model": "interlink module",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "irc5 opc server",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pc sdk",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pickmaster 3",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "pickmaster 5",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "robot communications runtime",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "5.14.02"
},
{
"model": "robotstudio",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "robview 5",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "webware sdk",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "webware",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
},
{
"model": "robot communications runtime",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.14.01"
},
{
"model": "webware server",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "webware server null",
"scope": "eq",
"trust": 0.2,
"vendor": "abb",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "interlink module",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "irc5 opc server",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pc sdk",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pickmaster 3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pickmaster 5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robot runtime",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robview 5",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webware sdk",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webware server",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "BID",
"id": "52123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:pickmaster_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:pc_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:irc5_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:pickmaster_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robview_5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robot_communications_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.14.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0245"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma via TippingPoint Zero Day Initiative.",
"sources": [
{
"db": "BID",
"id": "52123"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
}
],
"trust": 0.9
},
"cve": "CVE-2012-0245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-0245",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ZDI-12-033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "0b350900-1f73-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:C",
"version": "2.0 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0a403210-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-53526",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0245",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "ZDI-12-033",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-197",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-53526",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of \u0027Netscan\u0027 packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem). ABB WebWare Server is a software product used primarily for production data control. RobNetScanHost.exe provided by ABB WebWare Server has security flaws. ABB WebWare Server is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. ----------------------------------------------------------------------\n\nSecunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March\nListen to our Chief Security Specialist, Research Analyst Director, and Director Product Management \u0026 Quality Assurance discuss the industry\u0027s key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm\n\n----------------------------------------------------------------------\n\nTITLE:\nABB Multiple Products RobNetScanHost.exe Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA48090\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48090/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48090\n\nRELEASE DATE:\n2012-02-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48090/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48090/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48090\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple ABB products, which can\nbe exploited by malicious people to compromise a vulnerable system. \n* PickMaster 3 version 3.3 and prior. \n* PickMaster 5 version 5.13 and prior. \n* WebWare SDK and ABB Interlink Module versions 4.6 through 4.9. \n* WebWare Server versions 4.6 through 4.91. \n\nSOLUTION:\nUpdate to a fixed version or apply patch (please see the vendor\u0027s\nadvisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma via ZDI. \n\nORIGINAL ADVISORY:\nABB:\nhttp://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-033/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution\nVulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-033\nFebruary 22, 2012\n\n- -- CVE ID:\n\n\n- -- CVSS:\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\n\n- -- Affected Vendors:\n\nABB\n\n\n\n- -- Affected Products:\n\nABB WebWare\n\n\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 11594. \n\n- -- Vendor Response:\n\nABB has issued an update to correct this vulnerability. More details can\nbe found at:\n\nhttp://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf\n\n\n\n\n- -- Disclosure Timeline:\n2011-10-10 - Vulnerability reported to vendor\n\n2012-02-22 - Coordinated public release of advisory\n\n\n\n- -- Credit:\nThis vulnerability was discovered by:\n\n* Luigi Auriemma\n\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.17 (MingW32)\n\niQEcBAEBAgAGBQJPRUiZAAoJEFVtgMGTo1sc9REIAKdxGGjQNRsQBQh7OZ3Bbfz2\nvbul36hrqRdCxEmV++F5LcoFSpXmRx7Wjc6FHcUKkGGbRQ7+I9zjAi4CzwubSjCY\nzk+G0v324lSwQ7be6bxp5kGl5UTjVDczlfyjG2K2QSPBitz/RpkhpaTDXJcBALLR\nlx8KOxgAT9TGEodE5pjG2R2eCeDgrV34q5+xu3hdMQYWgvdYqoL39OHw/7QMjIOT\nNO1hYzGpadTcRuXwDzkpsJi+Gx03DinnlJ1VjUaXPfdbnN7IpGoON7yaYkjXDBVf\nNHA2pvKBl0mRjevIy/uQqJpsG8KC4eR5pHdl/lTKV61vb45zAyewDo5EM9xl6J0=\n=DeOF\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "BID",
"id": "52123"
},
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "PACKETSTORM",
"id": "110124"
},
{
"db": "PACKETSTORM",
"id": "110090"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-12-033",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-059-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2012-0245",
"trust": 2.7
},
{
"db": "BID",
"id": "52123",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "48090",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0831",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1260",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441",
"trust": 0.6
},
{
"db": "IVD",
"id": "0B350900-1F73-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "0A403210-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-53526",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110090",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "BID",
"id": "52123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "PACKETSTORM",
"id": "110124"
},
{
"db": "PACKETSTORM",
"id": "110090"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"id": "VAR-201203-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "VULHUB",
"id": "VHN-53526"
}
],
"trust": 1.6770833250000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
}
]
},
"last_update_date": "2023-12-18T13:34:43Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SI10227A1",
"trust": 1.5,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"title": "ABB WebWare Server \u0027RobNetScanHost.exe\u0027 patch overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/10812"
},
{
"title": "ABB Industrial Robot Communication Runtime Patch 38599",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42737"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-059-01.pdf"
},
{
"trust": 2.7,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-033/"
},
{
"trust": 1.9,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52123"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48090"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"trust": 1.0,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0245"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0245"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48090"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://www.rsaconference.com/events/2012/usa/index.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48090/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48090/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-033"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "BID",
"id": "52123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "PACKETSTORM",
"id": "110124"
},
{
"db": "PACKETSTORM",
"id": "110090"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "VULHUB",
"id": "VHN-53526"
},
{
"db": "BID",
"id": "52123"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"db": "PACKETSTORM",
"id": "110124"
},
{
"db": "PACKETSTORM",
"id": "110090"
},
{
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-24T00:00:00",
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"date": "2012-03-12T00:00:00",
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-22T00:00:00",
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"date": "2012-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"date": "2012-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-53526"
},
{
"date": "2012-02-22T00:00:00",
"db": "BID",
"id": "52123"
},
{
"date": "2012-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"date": "2012-02-23T07:47:55",
"db": "PACKETSTORM",
"id": "110124"
},
{
"date": "2012-02-23T04:56:49",
"db": "PACKETSTORM",
"id": "110090"
},
{
"date": "2012-03-09T11:55:00.927000",
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"date": "2012-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-22T00:00:00",
"db": "ZDI",
"id": "ZDI-12-033"
},
{
"date": "2012-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"date": "2012-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-53526"
},
{
"date": "2012-02-22T00:00:00",
"db": "BID",
"id": "52123"
},
{
"date": "2012-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001730"
},
{
"date": "2023-11-07T02:09:56.467000",
"db": "NVD",
"id": "CVE-2012-0245"
},
{
"date": "2012-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"date": "2012-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "110090"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB WebWare Server \u0027RobNetScanHost.exe\u0027 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0831"
},
{
"db": "BID",
"id": "52123"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "0b350900-1f73-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0a403210-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-441"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-197"
}
],
"trust": 1.6
}
}
VAR-201411-0415
Vulnerability from variot - Updated: 2023-12-18 13:34Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB is a leader in power and automation technology. ABB is committed to providing efficient and reliable solutions for a wide range of industries in terms of energy efficiency, industrial productivity and grid stability. A local code execution vulnerability exists in multiple ABB products that can be exploited by local attackers to execute arbitrary code. RobotStudio is a set of robot offline programming and simulation software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "test signal viewer",
"scope": "eq",
"trust": 2.7,
"vendor": "abb",
"version": "1.5"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 1.9,
"vendor": "abb",
"version": "5.60"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "5.61"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "5.61.01"
},
{
"model": "robotstudio",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "5.6x"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "5.61.02"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.60-5.61.01.0"
},
{
"model": "test signal",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.5"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "5.61.01.01"
},
{
"model": "test signal viewer",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.6"
},
{
"model": "robotstudio",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "5.61.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio",
"version": "5.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio",
"version": "5.61"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "robotstudio",
"version": "5.61.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "test signal viewer",
"version": "1.5"
}
],
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "BID",
"id": "70907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio:5.61.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio:5.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:test_signal_viewer:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:robotstudio:5.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5430"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchezcode",
"sources": [
{
"db": "BID",
"id": "70907"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5430",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-5430",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-08129",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-73371",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5430",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-08129",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-106",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "VULHUB",
"id": "VHN-73371"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB is a leader in power and automation technology. ABB is committed to providing efficient and reliable solutions for a wide range of industries in terms of energy efficiency, industrial productivity and grid stability. A local code execution vulnerability exists in multiple ABB products that can be exploited by local attackers to execute arbitrary code. RobotStudio is a set of robot offline programming and simulation software",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "BID",
"id": "70907"
},
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73371"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5430",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-308-01",
"trust": 2.8
},
{
"db": "BID",
"id": "70907",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2014-08129",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292",
"trust": 0.8
},
{
"db": "IVD",
"id": "BA9F79D4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "VULHUB",
"id": "VHN-73371"
},
{
"db": "BID",
"id": "70907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"id": "VAR-201411-0415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "VULHUB",
"id": "VHN-73371"
}
],
"trust": 1.6420634766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
}
]
},
"last_update_date": "2023-12-18T13:34:35.808000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RobotStudio download page",
"trust": 0.8,
"url": "http://new.abb.com/products/robotics/robotstudio/downloads"
},
{
"title": "Patch for multiple ABB product native code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/51663"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-308-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5430"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5430"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70907"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "http://www05.abb.com/global/scot/scot241.nsf/veritydisplay/77c96c7153b0622e83257d81004fa8d2/$file/si20022%20-%20advisory%20for%20abb%20robotstudio%20abb-vu-dmro-13944.pdf"
},
{
"trust": 0.3,
"url": "http://www05.abb.com/global/scot/scot241.nsf/veritydisplay/05d75a65f7103ef983257d81004cd6f5/$file/si20021-advisory%20abb%20test%20signal%20viewer-abb-vu-dmro-71374.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "VULHUB",
"id": "VHN-73371"
},
{
"db": "BID",
"id": "70907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"db": "VULHUB",
"id": "VHN-73371"
},
{
"db": "BID",
"id": "70907"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"date": "2014-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-73371"
},
{
"date": "2014-10-29T00:00:00",
"db": "BID",
"id": "70907"
},
{
"date": "2014-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"date": "2014-11-07T11:55:03.767000",
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08129"
},
{
"date": "2014-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-73371"
},
{
"date": "2014-10-29T00:00:00",
"db": "BID",
"id": "70907"
},
{
"date": "2014-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005292"
},
{
"date": "2014-11-07T16:10:59.713000",
"db": "NVD",
"id": "CVE-2014-5430"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "70907"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB RobotStudio and Test Signal Viewer Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "ba9f79d4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-106"
}
],
"trust": 0.8
}
}
VAR-201311-0452
Vulnerability from variot - Updated: 2022-05-17 02:00This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "test signal viewer",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.x"
},
{
"model": "robotware",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "5.x"
},
{
"model": "robotstudio",
"scope": null,
"trust": 0.7,
"vendor": "abb",
"version": null
},
{
"model": "test signal viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "1.4"
},
{
"model": "robotstudio",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "5.15.02"
},
{
"model": "test signal viewer",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.5"
},
{
"model": "robotstudio",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "5.15.03"
}
],
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"db": "BID",
"id": "63904"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi",
"sources": [
{
"db": "BID",
"id": "63904"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ZDI-13-253",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14743",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14744",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "555598f6-1efb-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "ZDI-13-253",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-14743",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-14744",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world\u0027s top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
},
{
"db": "BID",
"id": "63904"
},
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-253",
"trust": 1.6
},
{
"db": "BID",
"id": "63904",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14743",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-14744",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1834",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435",
"trust": 0.6
},
{
"db": "IVD",
"id": "555598F6-1EFB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "574F7F8C-1EFB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"db": "BID",
"id": "63904"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
]
},
"id": "VAR-201311-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
}
],
"trust": 2.296608943333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
}
]
},
"last_update_date": "2022-05-17T02:00:03.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf"
},
{
"title": "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41340"
},
{
"title": "ABB RobotWare CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41341"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/63904"
},
{
"trust": 1.0,
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf"
},
{
"trust": 0.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-13-253/"
},
{
"trust": 0.6,
"url": "http://www.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/"
},
{
"trust": 0.3,
"url": "http://new.abb.com/products/robotics/robotstudio"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"db": "BID",
"id": "63904"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"db": "BID",
"id": "63904"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"date": "2013-11-27T00:00:00",
"db": "IVD",
"id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
},
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63904"
},
{
"date": "2013-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-24T00:00:00",
"db": "ZDI",
"id": "ZDI-13-253"
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14744"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63904"
},
{
"date": "2013-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "555598f6-1efb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14743"
},
{
"db": "BID",
"id": "63904"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-435"
}
],
"trust": 0.6
}
}
FKIE_CVE-2014-5430
Vulnerability from fkie_nvd - Published: 2014-11-07 11:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01 | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | robotstudio | 5.60 | |
| abb | robotstudio | 5.61 | |
| abb | robotstudio | 5.61.01 | |
| abb | test_signal_viewer | 1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:robotstudio:5.60:*:*:*:*:*:*:*",
"matchCriteriaId": "58E1E1D8-8A19-49D1-9193-A50B51A62D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:robotstudio:5.61:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD3D4F9-EC5C-4603-AEC7-02DF279D7B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:robotstudio:5.61.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F3F706-BC63-4C7E-82CC-8196BAF4F0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:test_signal_viewer:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEB0B80-6423-4FD4-8B2A-6332A6EFE752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en ABB RobotStudio 5.6x anterior a 5.61.02 y Test Signal Viewer 1.5 permite a usuarios locales ganar privilegios a trav\u00e9s de un DLL tryano al que se accede como resultado de una configuraci\u00f3n DLL incorrecta por un programa de instalaci\u00f3n opcional."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/427.html\"\u003e CWE-427: Uncontrolled Search Path Element \u003c/a\u003e",
"id": "CVE-2014-5430",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-07T11:55:03.767",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0245
Vulnerability from fkie_nvd - Published: 2012-03-09 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | interlink_module | - | |
| abb | irc5_opc_server | - | |
| abb | pc_sdk | - | |
| abb | pickmaster_3 | - | |
| abb | pickmaster_5 | - | |
| abb | robot_communications_runtime | * | |
| abb | robotstudio | - | |
| abb | robview_5 | - | |
| abb | webware_sdk | - | |
| abb | webware_server | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:interlink_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3613C59-4589-43B6-8B92-CD1D99CA5E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:irc5_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF05829-0C61-4251-8076-E83AFB6E7238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:pc_sdk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB84B0CA-7616-416A-9E19-D17AC0D3C2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:pickmaster_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A21E8F2-3019-4D63-B4C7-E05E1C530A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:pickmaster_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10859C85-C56D-4653-B59D-2668841D1B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:robot_communications_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1151B6-1616-4E6D-80C0-A661A17DBDA2",
"versionEndIncluding": "5.14.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:robotstudio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CBB66AE-21D3-43DF-92F5-55ADD5DD41AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:robview_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3136EC2C-89B2-4075-A086-0315E202B1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:webware_sdk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6E8AF2-2353-48A7-805A-A11D3D689F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:webware_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B02E9A10-D707-44BF-B37E-A457BDF3BB88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer basados ??en pila en RobNetScanHost.exe en ABB Robot Comunications Runtime antes de v5.14.02, tal y como se utiliza en el m\u00f3dulo ABB Interlink, IRC5 OPC Server, PC SDK, PickMaster v3 y v5, RobView v5, RobotStudio, WebWare SDK, y WebWare Server, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete Netscan (1) 0xA o (2) 0xE espec\u00edficamente modificado para este fin."
}
],
"id": "CVE-2012-0245",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-09T11:55:00.927",
"references": [
{
"source": "cret@cert.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48090"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/52123"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
},
{
"source": "cret@cert.org",
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-5430 (GCVE-0-2014-5430)
Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-07T08:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5430",
"datePublished": "2014-11-07T11:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0245 (GCVE-0-2012-0245)
Vulnerability from cvelistv5 – Published: 2012-03-09 11:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "48090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf",
"refsource": "CONFIRM",
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-0245",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5430 (GCVE-0-2014-5430)
Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-07T08:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5430",
"datePublished": "2014-11-07T11:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0245 (GCVE-0-2012-0245)
Vulnerability from nvd – Published: 2012-03-09 11:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "48090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48090"
},
{
"name": "52123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52123"
},
{
"name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf"
},
{
"name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf",
"refsource": "CONFIRM",
"url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-0245",
"datePublished": "2012-03-09T11:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}