OTPulse

ABB Robot Communications Runtime Buffer Overflow

Act Now · ICS-CERT ICSA-12-059-01 · Dec 1, 2012
Summary

A buffer overflow vulnerability exists in ABB Robot Communications Runtime and related products (IRC5 OPC Server, PC SDK, RobotStudio, WebWare Server, WebWare SDK, PickMaster 3/5, Interlink Module, and RobView). The vulnerability is in the communications runtime components used for robot control and integration. An attacker could trigger the buffer overflow by sending specially crafted data to the affected communications interfaces, potentially leading to denial of service or code execution on systems running these products.

What this means
What could happen
An attacker could cause the robot control software to crash, disrupting automated manufacturing or material handling operations, or potentially execute code on the engineering workstation controlling the robot. If the runtime is compromised, the attacker could alter robot commands or disable safety-critical functions.
Who's at risk
Manufacturing facilities and integrators using ABB IRC5 robot control systems should care. This includes anyone running RobotStudio on engineering workstations, robot controllers with Communications Runtime, or systems using the PC SDK, OPC Server, or WebWare interfaces for robot monitoring and control. Pick-and-place operations and automated manufacturing using ABB robots are directly affected.
How it could be exploited
An attacker with network access to a port exposing the Robot Communications Runtime (typically on engineering workstations or robot controllers connected to the network) sends a malicious packet with an oversized buffer. The communications runtime fails to validate the input length and the buffer overflows, which, depending on network segmentation, could corrupt memory on the target device or execute arbitrary code.
Prerequisites
  • Network access to the port(s) listening for robot communications protocol (typically TCP/IP on engineering workstations or robot controller interfaces)
  • Target must be running one of the affected product versions
remotely exploitable · no patch available · affects robot control systems · high EPSS score (21%)
Exploitability
High exploit probability (EPSS 21.0%)
Affected products (10)
10 EOL
Product                         Affected Versions   Fix Status
Interlink Module                ≥ 4.6|≤ 4.9         No fix (EOL)
IRC5 OPC Server                 ≤ 5.14.01           No fix (EOL)
PC SDK                          ≤ 5.14.01           No fix (EOL)
PickMaster 3                    ≤ 3.3               No fix (EOL)
PickMaster 5                    ≤ 5.13              No fix (EOL)
Robot Communications Runtime    ≤ 5.14.01           No fix (EOL)
RobotStudio supporting IRC5     ≤ 5.14.01           No fix (EOL)
RobView                         5                   No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to restrict access to robot communications interfaces; isolate the robot controller and engineering workstations from untrusted networks
  • HARDENING: Monitor network traffic to and from robot communications ports for anomalous packet sizes or malformed requests
  • WORKAROUND: Disable remote access to robot communications interfaces if not operationally required
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Restrict engineering workstation network access to only authorized subnets and devices
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Interlink Module: >=4.6|<=4.9, IRC5 OPC Server: <=5.14.01, PC SDK: <=5.14.01, PickMaster 3: <=3.3, PickMaster 5: <=5.13, Robot Communications Runtime: <=5.14.01, RobotStudio supporting IRC5: <=5.14.01, RobView: 5, WebWare SDK: >=4.6|<=4.9, WebWare Server: >=4.6|<=4.91. Apply the following compensating controls:
  • HARDENING: Monitor vendor advisories for security updates or patches when they become available
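One way to act on the traffic-monitoring and authorized-subnet items above, as an added example that is not part of the advisory or any ABB tooling: it baselines payload sizes per robot communications endpoint from known-good flow records, then flags oversized payloads, sources outside the authorized subnets, and endpoints that were never baselined. The port number, subnet, thresholds and flow records are constructed placeholders, since the advisory does not give them.

```python
import ipaddress
from statistics import median

# Assumptions, not from the advisory: the port, subnet and thresholds are
# placeholders to replace with the values used at your site.
ROBOT_COMMS_PORTS = {5000}   # placeholder, not a documented ABB port
AUTHORIZED_SUBNETS = [ipaddress.ip_network("10.20.30.0/24")]
SIZE_FACTOR = 4              # alert when payload > 4x the baseline median
MIN_SAMPLES = 5              # minimum known-good records to trust a baseline

def flow(src, dst, dport, payload_len):
    return {"src": src, "dst": dst, "dport": dport, "payload_len": payload_len}

# Constructed flow records: known-good traffic to one controller interface.
KNOWN_GOOD = [flow("10.20.30.10", "10.20.30.50", 5000, n)
              for n in (120, 128, 132, 140, 136, 124)]
# Constructed records to evaluate.
OBSERVED = [
    flow("10.20.30.10", "10.20.30.50", 5000, 134),    # normal
    flow("10.20.30.10", "10.20.30.50", 5000, 4096),   # oversized
    flow("192.168.7.23", "10.20.30.50", 5000, 128),   # outside authorized subnet
    flow("10.20.30.10", "10.20.30.50", 443, 9000),    # not a monitored port
    flow("10.20.30.10", "10.20.30.51", 5000, 100),    # destination never baselined
]

def build_baseline(records):
    """Median payload size per (dst, port), only where enough samples exist."""
    sizes = {}
    for r in records:
        if r["dport"] in ROBOT_COMMS_PORTS:
            sizes.setdefault((r["dst"], r["dport"]), []).append(r["payload_len"])
    return {k: median(v) for k, v in sizes.items() if len(v) >= MIN_SAMPLES}

def detect(records, baseline):
    """Return (reason, src, dst, payload_len) tuples for suspicious records."""
    alerts = []
    for r in records:
        if r["dport"] not in ROBOT_COMMS_PORTS:
            continue
        rec = (r["src"], r["dst"], r["payload_len"])
        if not any(ipaddress.ip_address(r["src"]) in n for n in AUTHORIZED_SUBNETS):
            alerts.append(("unauthorized_source",) + rec)
        base = baseline.get((r["dst"], r["dport"]))
        if base is None:
            alerts.append(("no_baseline",) + rec)   # cannot judge size yet
        elif r["payload_len"] > SIZE_FACTOR * base:
            alerts.append(("oversized_payload",) + rec)
    return alerts

if __name__ == "__main__":
    for alert in detect(OBSERVED, build_baseline(KNOWN_GOOD)):
        print(alert)
```

A size baseline only covers the oversized-input case the advisory describes; it complements segmentation and does not replace it.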