SAINT CorporationSAINT:BB1C9975F2F3A04EA3928C40603487F2ABB WebWare Server RobNetScanHost.exe Stack Buffer Overflow
0.132 Low
EPSS
Percentile
95.6%
Added: 03/01/2012
CVE: CVE-2012-0245
BID: 52123
OSVDB: 79476
Background
ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks, including managing communication with connected robot controllers.
Problem
WebWare Server (4.6 through 4.91) for Windows is vulnerable to a buffer overflow in the RobNetScanHost service when processing incoming announcements about robot controller availability on the subnet. By sending a specially crafted packet to the server, a remote attacker could possibly execute arbitrary code on the vulnerable target.
Resolution
Apply patches as described in ABB Vulnerability Security Advisory ABB-VU-DMRO-38599.
References
<http://www.zerodayinitiative.com/advisories/ZDI-12-033/>
<http://secunia.com/advisories/48090/>
Limitations
This exploit has been tested on ABB WebWare Server 4.91 on Microsoft Windows XP SP3 English (DEP OptIn) with no further patches.
Platforms
Windows
Related
