ABB Patches Robot Software

Wednesday, February 29, 2012 @ 11:02 AM gHale

There is a buffer overflow vulnerability in ABB’s Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers.

If exploited, this vulnerability could allow an attacker to cause a denial of service to the robot scanning and discovery service on the computer and potentially execute remote code with administrator privileges, according to a report from ICS-CERT.


ABB developed a patch to address this issue. Security researcher Luigi Auriemma first reported the vulnerability to the Zero Day Initiative (ZDI).

The following products suffer from the vulnerability:
• ABB Interlink Module: Versions 4.6 through 4.9
• IRC5 OPC Server: Versions up to and including 5.14.01
• PC SDK: Versions up to and including 5.14.01
• PickMaster 3: Versions up to and including 3.3
• PickMaster 5: Versions up to and including 5.13
• Robot Communications Runtime: Versions up to and including 5.14.01
• RobotStudio: Versions supporting IRC5 up to and including 5.14.01
• RobView 5: Works together with other products listed here.
• WebWare SDK: Versions 4.6 through 4.9
• WebWare Server: Versions 4.6 through 4.91

An attacker may be able to use this vulnerability to cause a denial of service for the robot scanning and discovery service and potentially execute code remotely on the Windows PC. Depending on the installation, the remote code execution could run with administrator privilege.

“As you can see from the ABB advisory the vulnerability was originally found by Luigi (Auriemma) in WebWare Server 4.91,” said Markus Braendle, ABB’s Group Head of Cyber Security. “Our thorough internal investigations then showed that the vulnerability affects not only the WebWare Server but several other products as well. We therefore extended the advisory beyond the product for which the vulnerability was originally reported and provided information and solutions for all the affected products.”

RobotStudio and PickMaster 5 see use in the installation, programming, and commissioning of ABB industrial robots. PickMaster 3, IRC5 OPC Server, and WebWare SDK work in continuous operations and custom human-machine interfaces for Windows PCs connected to the robot controller over a factory network, ABB said.

The vulnerability exists within RobNetScanHost.exe and its parsing of network packets accepted on Port 5512/TCP, ZDI said. By sending a specially crafted packet, an attacker can cause the RobNetScanHost service to terminate, resulting in a denial of service that prevents the system from finding robot controllers on the network. An attacker may be able to use the buffer overflow to download and execute code on the affected PC.

The vulnerability originates from a buffer overflow in the RobNetScanHost service component when it processes incoming announcements of robot controller availability on the network. The vulnerability, assigned CVE-2012-0245, has a CVSS V2 base score of 10 and is remotely exploitable.

An attacker with a low skill level would be able to exploit the buffer overflow, but more advanced knowledge would be required to execute arbitrary code.

ABB issued a customer notification as well as a patch to correct this vulnerability.
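For triage on Windows PCs that run the affected products, the following added example (not code from ABB, ZDI or ICS-CERT) parses `netstat -ano` and `tasklist /fo csv /nh` output to report which process is listening on 5512/TCP and whether that listener is bound to a non-loopback address. The sample outputs, PIDs and function names are constructed for illustration.

```python
import csv
import io

PORT = 5512  # TCP port the article names for RobNetScanHost.exe

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5512           0.0.0.0:0              LISTENING       2412
  TCP    [::]:5512              [::]:0                 LISTENING       2412
  TCP    127.0.0.1:55120        0.0.0.0:0              LISTENING       3100
  TCP    10.0.0.5:49200         10.0.0.9:5512          ESTABLISHED     4020
  UDP    0.0.0.0:5512           *:*                                    2412
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''"svchost.exe","884","Services","0","9,112 K"
"RobNetScanHost.exe","2412","Services","0","3,456 K"
"python.exe","3100","Console","1","20,480 K"
'''


def process_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}


def find_listeners(netstat_text, tasklist_csv, port=PORT):
    """Return one finding per TCP listener on `port`, with owner and exposure."""
    names = process_names(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields; the header and UDP rows (no State) do not.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        addr, _, local_port = f[1].rpartition(":")  # last colon also works for [::]:5512
        if int(local_port) != port:
            continue
        addr = addr.strip("[]")
        pid = int(f[4])
        reachable = addr != "::1" and not addr.startswith("127.")
        findings.append({"address": addr, "pid": pid,
                         "image": names.get(pid, "unknown"),
                         "network_reachable": reachable})
    return findings


if __name__ == "__main__":
    for finding in find_listeners(NETSTAT, TASKLIST):
        print(finding)
```

A listener on 5512/TCP owned by `RobNetScanHost.exe` and flagged `network_reachable` marks a PC to prioritize for the ABB patch.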
