ABB Fixes Dll Hijack Vulnerability

Wednesday, November 5, 2014 @ 04:11 PM gHale


ABB created a new versions of its RobotStudio and Test Signal Viewer applications to mitigate a dll hijack vulnerability, according to a report on ICS-CERT.

Ivan Sanchez of WiseSecurity Team, who discovered the vulnerability, tested the new version to validate that it resolves the vulnerability.

RELATED STORIES
Exploits Target Nordex Vulnerability
Meinberg Clears Radio Clocks Vulnerability
Accuenergy Fixes Authentication Holes
IOServer Fixes Resource Exhaustion Flaw

The following ABB versions suffer from the issue:
• RobotStudio Version 5.60 up to and including 5.61.01.01, and
• Test Signal Viewer Version 1.5

The vulnerability could allow an attacker who successfully exploits it to insert and run arbitrary code on an affected system.

Switzerland-based ABB maintains offices in several countries around the world and develops products in multiple critical sectors deployed worldwide.

The RobotStudio software is a PC product used for offline programming and simulation of ABB Robot system. The vulnerability exists in an executable file. The Test Signal Viewer software is a PC product used for tuning motion parameters for external axes such as track motion and turning tables. The products end up deployed globally across several industries including manufacturing, discrete automation, among others.

The vulnerability can end up exploited when an executable file executes during installation of RobotStudio to resolve the location of other DLLs dynamically loaded by a third-party component. The executable file is mistakenly included, but not used in the distribution of all RobotStudio, Versions 5.60 up to and including 5.61.01.01.

CVE-2014-5430 is the case number assigned to the vulnerability, which has a CVSS v2 base score of 9.3.

This vulnerability is not exploitable remotely and cannot undergo exploitation without user interaction. The exploit triggers when a local user runs the vulnerable application, which in certain scenarios can cause it to load a dll file from an untrusted source.

An attacker with a moderate skill would be able to exploit this vulnerability.

ABB fixed the problem is corrected in the following product versions:
• RobotStudio Version 5.61.02
• Test Signal Viewer Version 1.6

These versions are available on the RobotWare 5.15.07.01 DVD and the RobotWare 5.61.02 DVD. The RobotWare 5.15.07.01 DVD and the RobotWare 5.61.02 DVD are now available for download.

ABB issued two advisories providing further information.



Leave a Reply

You must be logged in to post a comment.