Search criteria
8 vulnerabilities by FANUC
CVE-2023-1864 (GCVE-0-2023-1864)
Vulnerability from cvelistv5 – Published: 2023-06-07 20:43 – Updated: 2025-01-06 21:23
VLAI?
Summary
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to
a path traversal, which could allow an attacker to remotely read files
on the system running the affected software.
Severity ?
6.8 (Medium)
CWE
- CWE-22 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FANUC | ROBOGUIDE-HandlingPRO |
Affected:
0 , ≤ 9 Rev.ZD
(custom)
|
Credits
Yenting Lee of TXOne Networks reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T21:23:09.906451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T21:23:18.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ROBOGUIDE-HandlingPRO",
"vendor": "FANUC ",
"versions": [
{
"lessThanOrEqual": "9 Rev.ZD",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yenting Lee of TXOne Networks reported this vulnerability to CISA. "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nFANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"
}
],
"value": "FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T20:43:17.256Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nFANUC recommends users update to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://myportal.fanucamerica.com/\"\u003elatest version\u003c/a\u003e. \n\n\u003cbr\u003e"
}
],
"value": "FANUC recommends users update to the latest version https://myportal.fanucamerica.com/ . \n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "FANUC ROBOGUIDE-HandlingPRO Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-1864",
"datePublished": "2023-06-07T20:43:17.256Z",
"dateReserved": "2023-04-05T13:21:28.753Z",
"dateUpdated": "2025-01-06T21:23:18.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43988 (GCVE-0-2021-43988)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Summary
The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights.
Severity ?
6.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:36.544578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:37.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:31.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43988",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43988",
"datePublished": "2022-04-20T15:30:31.734Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:37.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43933 (GCVE-0-2021-43933)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Summary
The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.
Severity ?
6.1 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:41.984140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:45.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43933",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43933",
"datePublished": "2022-04-20T15:30:30.872Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:45.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38483 (GCVE-0-2021-38483)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Summary
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:46.426654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:52.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-38483",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38483",
"datePublished": "2022-04-20T15:30:30.126Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:52.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43986 (GCVE-0-2021-43986)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:29
VLAI?
Summary
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:49.356686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:00.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:29.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43986",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43986",
"datePublished": "2022-04-20T15:30:29.227Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:00.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43990 (GCVE-0-2021-43990)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:29
VLAI?
Summary
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.
Severity ?
6.1 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:53.308160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:08.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:28.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43990",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43990",
"datePublished": "2022-04-20T15:30:28.424Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:08.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32998 (GCVE-0-2021-32998)
Vulnerability from cvelistv5 – Published: 2022-01-07 22:39 – Updated: 2025-04-17 18:48
VLAI?
Summary
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
Severity ?
7.4 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| FANUC | R-30iA, R-30iA Mate |
Affected:
v7 , ≤ v7.70
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:52:49.553719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:48:26.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R-30iA, R-30iA Mate",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v7.70",
"status": "affected",
"version": "v7",
"versionType": "custom"
}
]
},
{
"product": "R-30iB, R-30iB Mate, R-30iB Compact",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v8.36",
"status": "affected",
"version": "v8",
"versionType": "custom"
}
]
},
{
"product": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v9.40",
"status": "affected",
"version": "V9",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T22:39:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-07T17:00:00.000Z",
"ID": "CVE-2021-32998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R-30iA, R-30iA Mate",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v7",
"version_value": "v7.70"
}
]
}
},
{
"product_name": "R-30iB, R-30iB Mate, R-30iB Compact",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v8",
"version_value": "v8.36"
}
]
}
},
{
"product_name": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V9",
"version_value": "v9.40"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32998",
"datePublished": "2022-01-07T22:39:09.663Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:48:26.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32996 (GCVE-0-2021-32996)
Vulnerability from cvelistv5 – Published: 2022-01-07 22:39 – Updated: 2025-04-17 18:48
VLAI?
Summary
The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.
Severity ?
7.5 (High)
CWE
- CWE-192 - INTEGER COERCION ERROR
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| FANUC | R-30iA, R-30iA Mate |
Affected:
v7 , ≤ v7.70
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-32996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:53:39.607407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "CWE-681 Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:48:35.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R-30iA, R-30iA Mate",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v7.70",
"status": "affected",
"version": "v7",
"versionType": "custom"
}
]
},
{
"product": "R-30iB, R-30iB Mate, R-30iB Compact",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v8.36",
"status": "affected",
"version": "v8",
"versionType": "custom"
}
]
},
{
"product": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"vendor": "FANUC",
"versions": [
{
"lessThanOrEqual": "v9.40",
"status": "affected",
"version": "V9",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-192",
"description": "CWE-192 INTEGER COERCION ERROR",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-07T22:39:08.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-07T17:00:00.000Z",
"ID": "CVE-2021-32996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "R-30iA, R-30iA Mate",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v7",
"version_value": "v7.70"
}
]
}
},
{
"product_name": "R-30iB, R-30iB Mate, R-30iB Compact",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v8",
"version_value": "v8.36"
}
]
}
},
{
"product_name": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "V9",
"version_value": "v9.40"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-192 INTEGER COERCION ERROR"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32996",
"datePublished": "2022-01-07T22:39:08.821Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-17T18:48:35.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}