CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.3%
ICS-CERT received a report from ABB and the Zero Day Initiative (ZDI) concerning a buffer overflow vulnerability in the Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.
If exploited, this vulnerability could allow an attacker to cause a denial of service to the robot scanning and discovery service on the computer and potentially execute remote code with administrator privileges.
ABB has developed a patch to address this issue.
The following ABB products and versions are affected:
An attacker may be able to use this vulnerability to cause a denial of service for the robot scanning and discovery service and potentially execute code remotely on the Windows PC. Depending on the installation, the remote code execution could run with administrator privilege.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.
According to ABB, RobotStudio and PickMaster 5 are used in installation, programming, and commissioning of ABB industrial robots. PickMaster 3, IRC5 OPC Server, and WebWare SDK are used for continuous operations and custom human-machine interfaces for Windows PCs connected to the robot controller over a factory network.
According to ZDI, the vulnerability exists within RobNetScanHost.exe and its parsing of network packets accepted on Port 5512/TCP. By sending a specially crafted packet, an attacker can cause the RobNetScanHost service to terminate, resulting in a denial of service that prevents robot controllers from being discovered on the network. An attacker may be able to use the buffer overflow to download and execute code on the affected PC.
The vulnerability originates from a buffer overflow in the RobNetScanHost service component when processing incoming announcements of robot controller availability on the network.
CVE-2012-0245 has been assigned to this vulnerability. A CVSS V2 base score of 10 has also been assigned.
This vulnerability is remotely exploitable.
No known exploits specifically target this vulnerability.
An attacker with a low skill level would be able to exploit the buffer overflow while more advanced knowledge would be required to execute arbitrary code.
ABB has issued a customer notification as well as a patch to correct this vulnerability.
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
The Control Systems Security Program (CSSP) also provides a section for control systems security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0245
www.zerodayinitiative.com/
www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-12-059-01
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=ABB%20Robot%20Communications%20Runtime%20Buffer%20Overflow+https://www.cisa.gov/news-events/ics-advisories/icsa-12-059-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-12-059-01&title=ABB%20Robot%20Communications%20Runtime%20Buffer%20Overflow
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-12-059-01
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=ABB%20Robot%20Communications%20Runtime%20Buffer%20Overflow&body=www.cisa.gov/news-events/ics-advisories/icsa-12-059-01