FANUC ROBOGUIDE Simulation Platform

MonitorCVSS 6.1ICS-CERT ICSA-22-109-03Apr 19, 2022

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

FANUC ROBOGUIDE simulation platform versions 9.40083.00.05 (Rev T) and earlier contain multiple vulnerabilities that could allow denial of service, remote code execution, or unauthorized privilege escalation. The vulnerabilities stem from improper access control (CWE-732, CWE-284), path traversal (CWE-22), XML external entity processing (CWE-611), and resource exhaustion (CWE-400). Successful exploitation requires network access to the workstation and user interaction, such as opening a malicious file. An attacker could execute code with the privileges of the ROBOGUIDE application, potentially altering robot programs or disrupting engineering work.

What this means

What could happen

An attacker could deny service to the ROBOGUIDE simulation platform, execute arbitrary code on the engineering workstation running it, or escalate privileges to gain unauthorized control of robot programming and simulation functions.

Who's at risk

This affects manufacturing plants using FANUC robots for production, assembly, or material handling. Specifically, it impacts engineering teams and automation technicians who use ROBOGUIDE to design and simulate robot programs before deployment to production floor controllers. Any plant that develops or maintains custom FANUC robot automation is at risk.

How it could be exploited

An attacker would need to reach the workstation running ROBOGUIDE over the network and trick an engineer to open a malicious file or interact with a specially crafted input (the advisory indicates user interaction is required). Once executed, the attacker gains the ability to run commands with the privileges of the ROBOGUIDE application, potentially affecting robot behavior or plant automation design work.

Prerequisites

Network access to the engineering workstation running ROBOGUIDE
User interaction required (likely opening a malicious file or project)
ROBOGUIDE version 9.40083.00.05 (Rev T) or earlier installed

remotely exploitableuser interaction requiredaffects engineering/automation systemsno patch available for older versions

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (1)

ProductAffected VersionsFix Status

ROBOGUIDE: v9.40083.00.05 (Rev T) and earlier≤ 9.40083.00.05 (Rev T)9 Rev U or higher

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict network access to ROBOGUIDE workstations; do not expose them to the Internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade ROBOGUIDE to version 9 Rev U or higher

Long-term hardening

0/2

HARDENINGPlace engineering workstations and robot controllers behind a firewall and isolate from the business network using network segmentation

HARDENINGRequire use of VPN with current security patches for any remote access to ROBOGUIDE systems

CVEs (5)

CVE-2021-38483 CVE-2021-43986 CVE-2021-43988 CVE-2021-43990 CVE-2021-43933

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/45f117c3-9e2b-4cd2-8cee-504e47889486

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.