OTPulse

ABB RobotStudio and Test Signal Viewer DLL Hijack Vulnerability

Low Risk · ICS-CERT ICSA-14-308-01 · Aug 7, 2014
Summary

ABB RobotStudio and Test Signal Viewer are vulnerable to DLL hijacking attacks. Affected versions are RobotStudio <=5.61.01.01 and Test Signal Viewer 1.5. An attacker who can place a malicious DLL file in a location where the application searches for dependencies can achieve arbitrary code execution when the application loads that DLL.

What this means
What could happen
An attacker could execute arbitrary code on engineering workstations running RobotStudio or Test Signal Viewer, potentially allowing them to modify robot programs, interfere with testing, or compromise the engineering environment used to program and configure ABB robots.
Who's at risk
Organizations using ABB RobotStudio for robot programming and testing, and those using Test Signal Viewer for diagnostic work on ABB equipment. This affects engineering teams, integrators, and automation engineers who work with ABB industrial robots and control systems.
How it could be exploited
An attacker must place a malicious DLL file in a directory that RobotStudio or Test Signal Viewer searches during startup (typically the application directory or a shared library path). When an engineer launches the affected application, Windows searches for the required DLL, finds the attacker's malicious version first, and loads it with the same privileges as the user running the application.
Prerequisites
  • Local access to the engineering workstation where RobotStudio or Test Signal Viewer is installed
  • Ability to write files to a directory in the application's DLL search path (e.g., application folder, current working directory, or system folders)
No patch available · Affects engineering/programming tools
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
RobotStudio | ≤ 5.61.01.01 | No fix (EOL)
Test Signal Viewer | 1.5 | No fix (EOL)
Remediation & Mitigation
Mitigations - no patch available
The following products have reached End of Life with no planned fix: RobotStudio: <=5.61.01.01, Test Signal Viewer: 1.5. Apply the following compensating controls:
  • HARDENING: Restrict file write permissions on directories in the DLL search path (application folder, shared library locations) to prevent untrusted users or processes from placing malicious DLLs
  • HARDENING: Limit engineering workstation access to authorized personnel only; control who can log in and run applications
  • HARDENING: Store RobotStudio and Test Signal Viewer on network shares with restricted write permissions; prevent installation in user-writable locations
  • HARDENING: Monitor engineering workstations for unexpected DLL files in application directories or system paths
  • HARDENING: Evaluate migration to newer, supported ABB software if available
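One way to carry out the monitoring control above, as an added example (not code from ABB or from this advisory): it records a known-good DLL inventory per directory, then reports DLLs that are new, changed, or that sit earlier in the search order than a same-named file in a later directory. The function names, directory layout and sample files are constructed for illustration; the actual search-order directories of a workstation are an input the operator must supply.

```python
import hashlib
import os
import tempfile


def dll_inventory(directory):
    """Map lower-cased DLL name -> SHA-256 for one directory (non-recursive)."""
    inventory = {}
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower().endswith(".dll"):
            with open(entry.path, "rb") as fh:
                inventory[entry.name.lower()] = hashlib.sha256(fh.read()).hexdigest()
    return inventory


def audit_search_path(search_dirs, baseline):
    """search_dirs: directories in the order the loader consults them.
    baseline: {directory: {dll_name: sha256}} taken from a known-good install.
    Returns sorted (finding, directory, dll_name) tuples."""
    findings = set()
    winner = {}  # dll name -> first directory in the search order that holds it
    for directory in search_dirs:
        known = baseline.get(directory, {})
        for name, digest in dll_inventory(directory).items():
            if name not in known:
                findings.add(("unexpected", directory, name))
            elif known[name] != digest:
                findings.add(("modified", directory, name))
            if name in winner:
                # An earlier directory supplies this name, so that copy loads instead.
                findings.add(("shadows", winner[name], name))
            else:
                winner[name] = directory
    return sorted(findings)


if __name__ == "__main__":
    # Constructed layout standing in for an application folder and a system folder.
    root = tempfile.mkdtemp()
    app, system = os.path.join(root, "app"), os.path.join(root, "system")
    for d, name, data in [(app, "core.dll", b"vendor"), (system, "helper.dll", b"os")]:
        os.makedirs(d)
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    baseline = {d: dll_inventory(d) for d in (app, system)}
    with open(os.path.join(app, "helper.dll"), "wb") as fh:  # file added after baseline
        fh.write(b"not the vendor's file")
    for finding in audit_search_path([app, system], baseline):
        print(finding)
```

Store the baseline somewhere the workstation's users cannot write, otherwise a planted DLL can be added to it and will no longer be reported.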