FANUC Robot Controllers (Update A)
Monitor | 7.4 | ICS-CERT ICSA-21-243-02 | Aug 31, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
FANUC R-30iA and R-30iA Mate robot controllers (versions 7.0–7.70) contain buffer overflow vulnerabilities (CWE-192, CWE-787) in the webserver. Successful exploitation could crash the controller or allow remote code execution. The vulnerabilities have high attack complexity, and no public exploits are currently known. No firmware update is available from FANUC; mitigation relies on network access controls and isolation.
What this means
What could happen
An attacker with network access could cause the robot controller to crash, disrupting manufacturing operations. If the buffer overflow is successfully exploited, the attacker could run arbitrary commands on the controller, potentially altering robot motion paths or safety interlocks.
Who's at risk
Manufacturing facilities using FANUC R-30iA or R-30iA Mate robot controllers (versions 7 through 7.70) should be concerned. This impacts automotive, electronics assembly, and general industrial robotics where these controllers manage multi-axis robot arms. Any facility with networked FANUC controllers is at risk if the controllers are reachable from untrusted networks.
How it could be exploited
An attacker sends a specially crafted network request to the R-30iA/R-30iA Mate webserver to trigger a buffer overflow condition. The buffer overflow could allow the attacker to execute arbitrary code on the controller, or the malformed input could crash the device. This requires network access to the controller and the ability to reach its web interface (typically port 80 or 443).
Prerequisites
- Network access to the robot controller's webserver on its listening ports
- Ability to send specially crafted input (high attack complexity suggests precise payload construction is required)
- The robot controller must be exposed to an attacker-reachable network (i.e., not behind an adequately configured firewall)
Tags: remotely exploitable | no patch available | buffer overflow can lead to code execution | high attack complexity (reduces immediate risk)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
Product | Affected Versions | Fix Status
R-30iA, R-30iA Mate | 7, 7.20, 7.30, 7.40, 7.43, 7.50, 7.63, 7.70 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement FANUC Server Access Control (FSAC) to restrict webserver access by IP address — configure to allow only known engineering workstations and monitoring systems
WORKAROUND: Disable or close unused network protocols and ports using Network Protocol Access Level settings in the controller firewall configuration
HARDENING: Place the robot controller behind a firewall and restrict inbound network access to only necessary ports and source IP ranges
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Isolate the robot control network (cell controller, teach pendants, engineering workstations) from the business network using separate network segments
HARDENING: If remote access to the controller is required, use a VPN with current security patches and require multi-factor authentication
Mitigations - no patch available
R-30iA, R-30iA Mate: v7, v7.20, v7.30, v7.40, v7.43, v7.50, v7.63, v7.70 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor for suspicious network activity targeting the controller and escalate to CISA if intrusion is suspected
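One way to act on the monitoring control above, as an added example that is not part of the advisory or of any FANUC tooling: check firewall accept logs for webserver connections to the controller that did not come from the allowlisted engineering workstations (the IP-based allowlist FSAC is meant to enforce). The controller address, allowlist, control-network segment and log format are constructed assumptions for illustration.

```python
"""Flag accepted tcp/80 and tcp/443 connections to a FANUC controller from
hosts outside the engineering-workstation allowlist. Added example, not
vendor code; all addresses and log lines below are constructed."""
import ipaddress
import re
from collections import Counter

# Hypothetical inventory: controller address and the hosts the FSAC /
# firewall allowlist is meant to permit (constructed values).
CONTROLLER_IP = "10.20.30.40"
ALLOWED_SOURCES = {"10.20.30.10", "10.20.30.11"}
CONTROL_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
WEB_PORTS = {80, 443}

# Constructed firewall-style log lines in an assumed key=value format.
SAMPLE_LOG = """\
2021-08-31T09:00:01 ACCEPT src=10.20.30.10 dst=10.20.30.40 proto=tcp dpt=80
2021-08-31T09:00:05 ACCEPT src=10.20.30.11 dst=10.20.30.40 proto=tcp dpt=443
2021-08-31T09:01:10 ACCEPT src=10.20.30.77 dst=10.20.30.40 proto=tcp dpt=80
2021-08-31T09:02:00 ACCEPT src=192.168.5.9 dst=10.20.30.40 proto=tcp dpt=80
2021-08-31T09:02:30 DROP src=192.168.5.9 dst=10.20.30.40 proto=tcp dpt=443
2021-08-31T09:03:00 ACCEPT src=10.20.30.10 dst=10.20.30.41 proto=tcp dpt=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)

def find_unexpected_web_access(log_text):
    """Return (findings, summary): one finding per ACCEPTed TCP connection
    to the controller's web ports from a non-allowlisted source, and a
    count of offenders inside the control segment vs external to it."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate lines in other formats
        if m["action"] != "ACCEPT" or m["dst"] != CONTROLLER_IP:
            continue  # only accepted traffic to the controller matters
        if m["proto"] != "tcp" or int(m["dpt"]) not in WEB_PORTS:
            continue
        if m["src"] in ALLOWED_SOURCES:
            continue
        in_segment = ipaddress.ip_address(m["src"]) in CONTROL_SEGMENT
        findings.append({"ts": m["ts"], "src": m["src"], "dpt": int(m["dpt"]),
                         "origin": "segment" if in_segment else "external"})
    return findings, dict(Counter(f["origin"] for f in findings))
```

An "external" hit means business-network or other non-cell traffic reached the controller's webserver, so segmentation has also failed, not just the allowlist.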
CVEs (2)