
14 vulnerabilities found for robotware by abb

CVE-2024-1914 (GCVE-0-2024-1914)

Vulnerability from nvd – Published: 2024-05-14 13:41 – Updated: 2024-08-01 18:56
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. It arises under a specific condition, when a specially crafted message is processed by the system. The affected RobotWare versions are: * IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07 * OmniCore - RobotWare 7 < 7.14
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
ABB
Impacted products
Vendor Product Version
ABB RobotWare 6 Affected: 6.0.0 , < 6.15.06 except 6.10.10 and 6.13.07 (custom)
    ABB RobotWare 7 Affected: 7.0 , < 7.14 (custom)
Credits
ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:abb:robotware:6.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "robotware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "6.15.06",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "status": "unaffected",
                "version": "6.10.10"
              },
              {
                "status": "unaffected",
                "version": "6.13.07"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:robotware:7.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "robotware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "7.14",
                "status": "affected",
                "version": "7.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T15:06:59.720219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:17:40.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "IRC5"
          ],
          "product": "RobotWare 6",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "6.15.06 except 6.10.10 and 6.13.07 ",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "OmniCore"
          ],
          "product": "RobotWare 7",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.14",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School  of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting  the vulnerabilities and working with us as we addressed them."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.  \u003cbr\u003e\u003cbr\u003eThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. \u003cbr\u003e\u003cbr\u003eBelow are reported vulnerabilities in the Robot Ware versions. \u003cbr\u003e\u003cbr\u003e* IRC5- RobotWare 6 \u0026lt; 6.15.06 except 6.10.10, and 6.13.07 \u003cbr\u003e* OmniCore- RobotWare 7 \u0026lt; 7.14"
            }
          ],
          "value": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.  \n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. \n\nBelow are reported vulnerabilities in the Robot Ware versions. \n\n* IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n* OmniCore- RobotWare 7 \u003c 7.14"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:10:23.298Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-1914",
    "datePublished": "2024-05-14T13:41:02.136Z",
    "dateReserved": "2024-02-27T02:10:19.053Z",
    "dateUpdated": "2024-08-01T18:56:22.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1913 (GCVE-0-2024-1913)

Vulnerability from nvd – Published: 2024-05-14 13:20 – Updated: 2024-08-01 18:56
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. It arises under a specific condition, when a specially crafted message is processed by the system. The affected RobotWare versions are: * IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07 * OmniCore - RobotWare 7 < 7.14
CWE
  • CWE-787 - Out-of-bounds Write
Assigner
ABB
Impacted products
Vendor Product Version
ABB RobotWare 6 Affected: 6.0.0 , < 6.15.06 except 6.10.10 and 6.13.07 (custom)
    ABB RobotWare 7 Affected: 7.0 , < 7.14 (custom)
Credits
ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T15:23:33.710572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:00:16.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "IRC5"
          ],
          "product": "RobotWare 6",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "6.15.06 except 6.10.10 and 6.13.07",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "OmniCore"
          ],
          "product": "RobotWare 7",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.14",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School  of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting  the vulnerabilities and working with us as we addressed them"
        }
      ],
      "datePublic": "2024-05-14T04:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eAn attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eBelow are\u0026nbsp;reported vulnerabilities in the Robot Ware versions.\u003cbr\u003e\n\n\u003cul\u003e\u003cli\u003eIRC5- RobotWare 6 \u0026lt; 6.15.06 except 6.10.10, and 6.13.07 \u003c/li\u003e\u003cli\u003eOmniCore- RobotWare 7 \u0026lt; 7.14\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nAn attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.\u00a0\n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.\n\nBelow are\u00a0reported vulnerabilities in the Robot Ware versions.\n\n  *  IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n  *  OmniCore- RobotWare 7 \u003c 7.14\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:08:58.642Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-1913",
    "datePublished": "2024-05-14T13:20:55.671Z",
    "dateReserved": "2024-02-27T02:10:15.960Z",
    "dateUpdated": "2024-08-01T18:56:22.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22279 (GCVE-0-2021-22279)

Vulnerability from nvd – Published: 2021-12-13 15:48 – Updated: 2024-09-16 17:38
Title
OmniCore RobotWare Missing Authentication Vulnerability
Summary
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ABB
References
Impacted products
Vendor Product Version
ABB RobotWare Affected: unspecified , < 7.3.2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:37:18.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RobotWare",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T15:48:03",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OmniCore RobotWare Missing Authentication Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n\u2022 Do not use Connected Services Ethernet port connection until the update has been applied, or\n\u2022 Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2021-12-01T07:48:00.000Z",
          "ID": "CVE-2021-22279",
          "STATE": "PUBLIC",
          "TITLE": "OmniCore RobotWare Missing Authentication Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RobotWare",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n\u2022 Do not use Connected Services Ethernet port connection until the update has been applied, or\n\u2022 Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2021-22279",
    "datePublished": "2021-12-13T15:48:03.846890Z",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-09-16T17:38:50.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10288 (GCVE-0-2020-10288)

Vulnerability from nvd – Published: 2020-07-15 22:15 – Updated: 2024-09-16 19:51
Title
RVD#3327: No authentication required for accesing ABB IRC5 FTP server
Summary
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
CWE
  • CWE-284 - Improper Access Control
Assigner
Alias
References
Impacted products
Vendor Product Version
ABB IRB140 Affected: unspecified
Credits
Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:58:39.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aliasrobotics/RVD/issues/3327"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IRB140",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"
        }
      ],
      "datePublic": "2020-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T22:15:13",
        "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "shortName": "Alias"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aliasrobotics/RVD/issues/3327"
        }
      ],
      "source": {
        "defect": [
          "RVD#3327"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server",
      "x_generator": {
        "engine": "Robot Vulnerability Database (RVD)"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@aliasrobotics.com",
          "DATE_PUBLIC": "2020-07-15T22:11:11 +00:00",
          "ID": "CVE-2020-10288",
          "STATE": "PUBLIC",
          "TITLE": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IRB140",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted."
            }
          ]
        },
        "generator": {
          "engine": "Robot Vulnerability Database (RVD)"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "critical",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aliasrobotics/RVD/issues/3327",
              "refsource": "CONFIRM",
              "url": "https://github.com/aliasrobotics/RVD/issues/3327"
            }
          ]
        },
        "source": {
          "defect": [
            "RVD#3327"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
    "assignerShortName": "Alias",
    "cveId": "CVE-2020-10288",
    "datePublished": "2020-07-15T22:15:13.640890Z",
    "dateReserved": "2020-03-10T00:00:00",
    "dateUpdated": "2024-09-16T19:51:41.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2024-1914

Vulnerability from fkie_nvd - Published: 2024-05-14 16:16 - Updated: 2025-12-19 14:46
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. It arises under a specific condition, when a specially crafted message is processed by the system. The affected RobotWare versions are: * IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07 * OmniCore - RobotWare 7 < 7.14

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "376A0E20-4424-4B7D-BDB6-2CC515A95577",
              "versionEndExcluding": "6.10.10",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "118FABF7-558E-4056-99F7-39B0714D98DD",
              "versionEndExcluding": "6.13.07",
              "versionStartExcluding": "6.10.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6311F-F2BD-47FE-A0D0-FDF04C2FC7F2",
              "versionEndExcluding": "6.15.06",
              "versionStartExcluding": "6.13.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA992BC-1586-4593-9591-07669053B169",
              "versionEndExcluding": "7.14",
              "versionStartIncluding": "7.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:omnicore_c30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FC3FD0-0A15-4013-B235-123088834F4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_c90xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55FCF6A-F680-4E92-B8AD-F68AC9C83E0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_e10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "923DB786-3E6C-435E-8E6F-36EE29F29A35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_v250xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF19AA37-7DBD-4228-BC40-B80D1EE92566",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_v400xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1AC9810-1788-4A7E-8661-EACB25B9B24D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.  \n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. \n\nBelow are reported vulnerabilities in the Robot Ware versions. \n\n* IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n* OmniCore- RobotWare 7 \u003c 7.14"
    },
    {
      "lang": "es",
      "value": "Un atacante que aprovechara con \u00e9xito estas vulnerabilidades podr\u00eda provocar que el robot se detuviera y hacer que el controlador del robot fuera inaccesible. La vulnerabilidad podr\u00eda potencialmente explotarse para realizar acciones no autorizadas por parte de un atacante. Esta vulnerabilidad surge bajo una condici\u00f3n espec\u00edfica cuando el sistema procesa un mensaje especialmente manipulado. A continuaci\u00f3n se informan vulnerabilidades en las versiones de Robot Ware. * IRC5- RobotWare 6 \u0026lt; 6.15.06 excepto 6.10.10 y 6.13.07 * OmniCore- RobotWare 7 \u0026lt; 7.14"
    }
  ],
  "id": "CVE-2024-1914",
  "lastModified": "2025-12-19T14:46:31.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-14T16:16:03.143",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-1913

Vulnerability from fkie_nvd - Published: 2024-05-14 16:16 - Updated: 2025-12-19 14:46
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. This vulnerability arises under a specific condition, when a specially crafted message is processed by the system. The vulnerabilities are reported in the following RobotWare versions:
* IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07
* OmniCore - RobotWare 7 < 7.14

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "376A0E20-4424-4B7D-BDB6-2CC515A95577",
              "versionEndExcluding": "6.10.10",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "118FABF7-558E-4056-99F7-39B0714D98DD",
              "versionEndExcluding": "6.13.07",
              "versionStartExcluding": "6.10.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6311F-F2BD-47FE-A0D0-FDF04C2FC7F2",
              "versionEndExcluding": "6.15.06",
              "versionStartExcluding": "6.13.07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:robotware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA992BC-1586-4593-9591-07669053B169",
              "versionEndExcluding": "7.14",
              "versionStartIncluding": "7.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:omnicore_c30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FC3FD0-0A15-4013-B235-123088834F4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_c90xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55FCF6A-F680-4E92-B8AD-F68AC9C83E0B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_e10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "923DB786-3E6C-435E-8E6F-36EE29F29A35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_v250xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF19AA37-7DBD-4228-BC40-B80D1EE92566",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:omnicore_v400xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1AC9810-1788-4A7E-8661-EACB25B9B24D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nAn attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.\u00a0\n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.\n\nBelow are\u00a0reported vulnerabilities in the Robot Ware versions.\n\n  *  IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n  *  OmniCore- RobotWare 7 \u003c 7.14\n\n"
    },
    {
      "lang": "es",
      "value": "Un atacante que aprovechara con \u00e9xito estas vulnerabilidades podr\u00eda provocar que el robot se detuviera, hacer que el controlador del robot fuera inaccesible o ejecutar c\u00f3digo arbitrario. La vulnerabilidad podr\u00eda potencialmente explotarse para realizar acciones no autorizadas por parte de un atacante. Esta vulnerabilidad surge bajo una condici\u00f3n espec\u00edfica cuando el sistema procesa un mensaje especialmente manipulado. A continuaci\u00f3n se informan vulnerabilidades en las versiones de Robot Ware. * IRC5- RobotWare 6 \u0026lt; 6.15.06 excepto 6.10.10 y 6.13.07 * OmniCore- RobotWare 7 \u0026lt; 7.14"
    }
  ],
  "id": "CVE-2024-1913",
  "lastModified": "2025-12-19T14:46:23.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-14T16:16:01.860",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2020-10288

Vulnerability from fkie_nvd - Published: 2020-07-15 23:15 - Updated: 2024-11-21 04:55
Summary
IRC5 exposes an FTP server (port 21). Upon attempting to gain access, you are challenged with a request for a username and password; however, you can input whatever you like. As long as the field isn't empty, it will be accepted.
Impacted products
Vendor Product Version
abb robotware 5.09
abb irb140 -
abb irc5 -
windriver vxworks 5.5.1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C363AC-475E-42E1-937B-D34A45AE9E32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6784E9-6C10-4DC4-8CDB-091EFF88BD2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2490A606-8525-4D45-B0A5-975E125257A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted."
    },
    {
      "lang": "es",
      "value": "IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petici\u00f3n de nombre de usuario y contrase\u00f1a, sin embargo, puede ingresar lo que desee. Mientras el campo no est\u00e9 vac\u00edo, ser\u00e1 aceptado"
    }
  ],
  "id": "CVE-2020-10288",
  "lastModified": "2024-11-21T04:55:08.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cve@aliasrobotics.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-15T23:15:11.393",
  "references": [
    {
      "source": "cve@aliasrobotics.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/3327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/3327"
    }
  ],
  "sourceIdentifier": "cve@aliasrobotics.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "cve@aliasrobotics.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-1914 (GCVE-0-2024-1914)

Vulnerability from cvelistv5 – Published: 2024-05-14 13:41 – Updated: 2024-08-01 18:56
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop or make the robot controller inaccessible. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. This vulnerability arises under a specific condition, when a specially crafted message is processed by the system. The vulnerabilities are reported in the following RobotWare versions:
* IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07
* OmniCore - RobotWare 7 < 7.14
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
ABB
Impacted products
Vendor Product Version
ABB RobotWare 6 Affected: 6.0.0 , < 6.15.06 except 6.10.10 and 6.13.07 (custom)
    ABB RobotWare 7 Affected: 7.0 , < 7.14 (custom)
Credits
ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:abb:robotware:6.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "robotware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "6.15.06",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "status": "unaffected",
                "version": "6.10.10"
              },
              {
                "status": "unaffected",
                "version": "6.13.07"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:abb:robotware:7.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "robotware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "7.14",
                "status": "affected",
                "version": "7.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T15:06:59.720219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:17:40.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "IRC5"
          ],
          "product": "RobotWare 6",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "6.15.06 except 6.10.10 and 6.13.07 ",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "OmniCore"
          ],
          "product": "RobotWare 7",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.14",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School  of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting  the vulnerabilities and working with us as we addressed them."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.  \u003cbr\u003e\u003cbr\u003eThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. \u003cbr\u003e\u003cbr\u003eBelow are reported vulnerabilities in the Robot Ware versions. \u003cbr\u003e\u003cbr\u003e* IRC5- RobotWare 6 \u0026lt; 6.15.06 except 6.10.10, and 6.13.07 \u003cbr\u003e* OmniCore- RobotWare 7 \u0026lt; 7.14"
            }
          ],
          "value": "An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible.  \n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. \n\nBelow are reported vulnerabilities in the Robot Ware versions. \n\n* IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n* OmniCore- RobotWare 7 \u003c 7.14"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:10:23.298Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-1914",
    "datePublished": "2024-05-14T13:41:02.136Z",
    "dateReserved": "2024-02-27T02:10:19.053Z",
    "dateUpdated": "2024-08-01T18:56:22.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1913 (GCVE-0-2024-1913)

Vulnerability from cvelistv5 – Published: 2024-05-14 13:20 – Updated: 2024-08-01 18:56
Summary
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited by an attacker to perform unauthorized actions. This vulnerability arises under a specific condition, when a specially crafted message is processed by the system. The vulnerabilities are reported in the following RobotWare versions:
* IRC5 - RobotWare 6 < 6.15.06, except 6.10.10 and 6.13.07
* OmniCore - RobotWare 7 < 7.14
CWE
  • CWE-787 - Out-of-bounds Write
Assigner
ABB
Impacted products
Vendor Product Version
ABB RobotWare 6 Affected: 6.0.0 , < 6.15.06 except 6.10.10 and 6.13.07 (custom)
    ABB RobotWare 7 Affected: 7.0 , < 7.14 (custom)
Credits
ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T15:23:33.710572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:00:16.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "IRC5"
          ],
          "product": "RobotWare 6",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "6.15.06 except 6.10.10 and 6.13.07",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "OmniCore"
          ],
          "product": "RobotWare 7",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.14",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School  of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting  the vulnerabilities and working with us as we addressed them"
        }
      ],
      "datePublic": "2024-05-14T04:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eAn attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eBelow are\u0026nbsp;reported vulnerabilities in the Robot Ware versions.\u003cbr\u003e\n\n\u003cul\u003e\u003cli\u003eIRC5- RobotWare 6 \u0026lt; 6.15.06 except 6.10.10, and 6.13.07 \u003c/li\u003e\u003cli\u003eOmniCore- RobotWare 7 \u0026lt; 7.14\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "\nAn attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.\u00a0\n\nThe vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.\n\nBelow are\u00a0reported vulnerabilities in the Robot Ware versions.\n\n  *  IRC5- RobotWare 6 \u003c 6.15.06 except 6.10.10, and 6.13.07 \n  *  OmniCore- RobotWare 7 \u003c 7.14\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:08:58.642Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20330\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-1913",
    "datePublished": "2024-05-14T13:20:55.671Z",
    "dateReserved": "2024-02-27T02:10:15.960Z",
    "dateUpdated": "2024-08-01T18:56:22.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22279 (GCVE-0-2021-22279)

Vulnerability from cvelistv5 – Published: 2021-12-13 15:48 – Updated: 2024-09-16 17:38
Title
OmniCore RobotWare Missing Authentication Vulnerability
Summary
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ABB
References
Impacted products
Vendor Product Version
ABB RobotWare Affected: unspecified , < 7.3.2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:37:18.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RobotWare",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "7.3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T15:48:03",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OmniCore RobotWare Missing Authentication Vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n\u2022 Do not use Connected Services Ethernet port connection until the update has been applied, or\n\u2022 Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "DATE_PUBLIC": "2021-12-01T07:48:00.000Z",
          "ID": "CVE-2021-22279",
          "STATE": "PUBLIC",
          "TITLE": "OmniCore RobotWare Missing Authentication Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RobotWare",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306 Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=SI20265\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n\u2022 Do not use Connected Services Ethernet port connection until the update has been applied, or\n\u2022 Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2021-22279",
    "datePublished": "2021-12-13T15:48:03.846890Z",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-09-16T17:38:50.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10288 (GCVE-0-2020-10288)

Vulnerability from cvelistv5 – Published: 2020-07-15 22:15 – Updated: 2024-09-16 19:51
Title
RVD#3327: No authentication required for accesing ABB IRC5 FTP server
Summary
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
CWE
Assigner
References
Impacted products
Vendor Product Version
ABB IRB140 Affected: unspecified
Credits
Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:58:39.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aliasrobotics/RVD/issues/3327"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IRB140",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"
        }
      ],
      "datePublic": "2020-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T22:15:13",
        "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "shortName": "Alias"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aliasrobotics/RVD/issues/3327"
        }
      ],
      "source": {
        "defect": [
          "RVD#3327"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server",
      "x_generator": {
        "engine": "Robot Vulnerability Database (RVD)"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@aliasrobotics.com",
          "DATE_PUBLIC": "2020-07-15T22:11:11 +00:00",
          "ID": "CVE-2020-10288",
          "STATE": "PUBLIC",
          "TITLE": "RVD#3327: No authentication required for accesing ABB IRC5 FTP server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IRB140",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted."
            }
          ]
        },
        "generator": {
          "engine": "Robot Vulnerability Database (RVD)"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "critical",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aliasrobotics/RVD/issues/3327",
              "refsource": "CONFIRM",
              "url": "https://github.com/aliasrobotics/RVD/issues/3327"
            }
          ]
        },
        "source": {
          "defect": [
            "RVD#3327"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
    "assignerShortName": "Alias",
    "cveId": "CVE-2020-10288",
    "datePublished": "2020-07-15T22:15:13.640890Z",
    "dateReserved": "2020-03-10T00:00:00",
    "dateUpdated": "2024-09-16T19:51:41.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

VAR-202007-0170

Vulnerability from variot - Updated: 2023-12-18 11:58

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 contains an authentication vulnerability: information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB IRC5 is a robot control system.

The ABB IRC5 FTP server has an access control error vulnerability. Remote attackers can use this vulnerability to submit special requests and gain unauthorized access to the system.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0170",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abb",
        "version": "5.09"
      },
      {
        "model": "robotware",
        "scope": null,
        "trust": 0.8,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "irc5",
        "scope": null,
        "trust": 0.6,
        "vendor": "abb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      }
    ]
  },
  "cve": "CVE-2020-10288",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008555",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-41211",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "cve@aliasrobotics.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008555",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-10288",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "cve@aliasrobotics.com",
            "id": "CVE-2020-10288",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008555",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-41211",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202007-1169",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn\u0027t empty it will be accepted. IRC5 There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB IRC5 is a robot control system. \n\r\n\r\nThe ABB IRC5 FTP server has an access control error vulnerability. Remote attackers can use this vulnerability to submit special requests and gain unauthorized access to the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-10288",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "id": "VAR-202007-0170",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      }
    ],
    "trust": 1.4068182
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:13.511000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://global.abb/group/en"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://github.com/aliasrobotics/rvd/issues/3327"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10288"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10288"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "date": "2020-09-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "date": "2020-07-15T23:15:11.393000",
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "date": "2020-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-41211"
      },
      {
        "date": "2020-09-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      },
      {
        "date": "2020-07-23T17:22:18.030000",
        "db": "NVD",
        "id": "CVE-2020-10288"
      },
      {
        "date": "2022-03-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IRC5 Authentication vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008555"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202007-1169"
      }
    ],
    "trust": 0.6
  }
}

VAR-201311-0452

Vulnerability from variot - Updated: 2022-05-17 02:00

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious web page and induces the user to open it, and can then write arbitrary files to any location on the system. ABB Test Signal Viewer is a software product of the Swiss company ABB, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0452",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "test signal viewer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "1.x"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "abb",
        "version": "5.x"
      },
      {
        "model": "robotstudio",
        "scope": null,
        "trust": 0.7,
        "vendor": "abb",
        "version": null
      },
      {
        "model": "test signal viewer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "1.4"
      },
      {
        "model": "robotstudio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.15.02"
      },
      {
        "model": "test signal viewer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "1.5"
      },
      {
        "model": "robotstudio",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.15.03"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "db": "BID",
        "id": "63904"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi",
    "sources": [
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ZDI-13-253",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-14743",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-14744",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "555598f6-1efb-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "ZDI",
            "id": "ZDI-13-253",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-14743",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-14744",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "555598f6-1efb-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share.  Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability.  A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world\u0027s top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      },
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-13-253",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "63904",
        "trust": 1.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1834",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "555598F6-1EFB-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "574F7F8C-1EFB-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ]
  },
  "id": "VAR-201311-0452",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      }
    ],
    "trust": 2.296608943333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      }
    ]
  },
  "last_update_date": "2022-05-17T02:00:03.152000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ABB has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf"
      },
      {
        "title": "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/41340"
      },
      {
        "title": "ABB RobotWare CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/41341"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/63904"
      },
      {
        "trust": 1.0,
        "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-13-253/"
      },
      {
        "trust": 0.6,
        "url": "http://www.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/"
      },
      {
        "trust": 0.3,
        "url": "http://new.abb.com/products/robotics/robotstudio"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-27T00:00:00",
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "IVD",
        "id": "574f7f8c-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-11-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "date": "2013-11-24T00:00:00",
        "db": "BID",
        "id": "63904"
      },
      {
        "date": "2013-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-13-253"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14744"
      },
      {
        "date": "2013-11-24T00:00:00",
        "db": "BID",
        "id": "63904"
      },
      {
        "date": "2013-12-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "555598f6-1efb-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14743"
      },
      {
        "db": "BID",
        "id": "63904"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ],
    "trust": 1.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-435"
      }
    ],
    "trust": 0.6
  }
}

VAR-201611-0391

Vulnerability from variot - Updated: 2022-05-17 01:41

ABB is a leader in power and automation technology among the world's top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to execute arbitrary code in the context of an affected application. ABB is prone to the following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. A remote code-execution vulnerability 3. The following versions are affected: RobotWare 5.x versions prior to 5.15.13; RobotWare 5.6x versions prior to 5.61.07; RobotWare 6.x versions prior to 6.04.00


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0391",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "abb",
        "version": "5.x\u003c5.15.13"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "abb",
        "version": "5.6x\u003c5.61.07"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "abb",
        "version": "6.x\u003c6.04.00"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6.0"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.60"
      },
      {
        "model": "robotware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.0"
      },
      {
        "model": "robotware",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "6.04.00"
      },
      {
        "model": "robotware",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.61.07"
      },
      {
        "model": "robotware",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abb",
        "version": "5.15.13"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Davide Quarta, Marcello Pogliani, Mario Polino and Stefano Zanero from Politecnico di Milano.",
    "sources": [
      {
        "db": "BID",
        "id": "94034"
      }
    ],
    "trust": 0.3
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-10593",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2016-10592",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2016-10591",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2016-10593",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10592",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10591",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB is a leader in power and automation technology among the world\u0027s top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to execute arbitrary code in the context of an affected application. ABB is prone to the following security vulnerabilities:\n1. Multiple buffer-overflow vulnerabilities\n2. A remote code-execution vulnerability\n3. \nThe following versions are affected:\nRobotWare 5.x versions prior to 5.15.13\nRobotWare 5.6x versions prior to 5.61.07\nRobotWare 6.x versions prior to 6.04.00",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "db": "BID",
        "id": "94034"
      },
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "94034",
        "trust": 2.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "14BAA0DB-8F92-4DCE-A76C-1B9498A20B49",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "300C7966-AFA9-497E-B43B-BEEB7F4ABCF7",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "8E4EF4C6-6BD1-40E1-A98F-7A82E8E3BBAD",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "id": "VAR-201611-0391",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      }
    ],
    "trust": 3.2636363999999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 2.4
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:41:08.878000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for ABB RobotWare Authentication Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/83511"
      },
      {
        "title": "Patch for ABB RobotWare Remote Code Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/83509"
      },
      {
        "title": "ABB RobotWare has multiple patches for buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/83508"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/94034"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/94034/"
      },
      {
        "trust": 0.3,
        "url": "http://www.abb.com/"
      },
      {
        "trust": 0.3,
        "url": "https://library.e.abb.com/public/09da4d2b396841f6911ba1b06178fcb9/si20107%20-%20advisory%20for%20multiple%20vulnerabilities%20in%20abb%20robotware.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-04T00:00:00",
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "IVD",
        "id": "300c7966-afa9-497e-b43b-beeb7f4abcf7"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "IVD",
        "id": "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "date": "2016-11-01T00:00:00",
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10592"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10591"
      },
      {
        "date": "2016-11-24T01:07:00",
        "db": "BID",
        "id": "94034"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "94034"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABB RobotWare Authentication vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "14baa0db-8f92-4dce-a76c-1b9498a20b49"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10593"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "94034"
      }
    ],
    "trust": 0.3
  }
}