10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.132 Low
EPSS
Percentile
95.6%
Added: 03/01/2012
CVE: CVE-2012-0245
BID: 52123
OSVDB: 79476
ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks, including managing communication with connected robot controllers.
WebWare Server (4.6 through 4.91) for Windows is vulnerable to a buffer overflow in the RobNetScanHost
service when processing incoming announcements about robot controller availability on the subnet. By sending a specially crafted packet to the server, a remote attacker could possibly execute arbitrary code on the vulnerable target.
Apply patches as described in ABB Vulnerability Security Advisory ABB-VU-DMRO-38599.
<http://www.zerodayinitiative.com/advisories/ZDI-12-033/>
<http://secunia.com/advisories/48090/>
This exploit has been tested on ABB WebWare Server 4.91 on Microsoft Windows XP SP3 English (DEP OptIn) with no further patches.
Windows