OTPulse

FANUC ROBOGUIDE-HandlingPRO

Monitor | CVSS 6.8 | ICS-CERT ICSA-23-101-01 | Apr 18, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A path traversal vulnerability in FANUC ROBOGUIDE-HandlingPRO version 9 and earlier allows an attacker to read and overwrite files on the system running the software. Exploitation requires network access and is of high technical complexity, and there are no known public exploits. Successful exploitation could compromise robot program files or engineering system integrity.

What this means
What could happen
An attacker with network access could read or overwrite files on the engineering workstation running ROBOGUIDE-HandlingPRO, potentially compromising robot program files or installation files. This could lead to unauthorized modification of robot behavior or denial of service to engineering teams.
Who's at risk
FANUC robotic automation engineering teams and facilities that use ROBOGUIDE-HandlingPRO for robot programming and simulation. This affects industrial facilities with robotic pick-and-place, material handling, or assembly operations that rely on this software for offline programming and validation.
How it could be exploited
An attacker must reach the workstation running ROBOGUIDE-HandlingPRO over the network and exploit a path traversal vulnerability (CWE-22) to access files outside the intended directory. The attack requires high technical complexity and no public exploit exists, but successful exploitation grants file read/write access to the engineering system.
Prerequisites
  • Network access to the workstation running ROBOGUIDE-HandlingPRO
  • ROBOGUIDE-HandlingPRO version 9 or earlier must be installed
  • Attacker must craft a malicious request to trigger the path traversal
  • remotely exploitable
  • high CVSS score (6.8)
  • no patch available
  • affects engineering/control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
ROBOGUIDE-HandlingPRO | ≤ 9 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate ROBOGUIDE-HandlingPRO engineering workstations from the Internet and restrict network access to authorized users only
  • HARDENING: Place engineering workstations behind a firewall and on a separate network segment from business and production networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: If remote access to engineering workstations is required, use a VPN and ensure it is kept updated
  • HOTFIX: Contact FANUC to inquire about an available patch or upgrade path for ROBOGUIDE-HandlingPRO beyond version 9