CVE-2012-0245
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cret@cert.org — http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf
Vendor advisory: cret@cert.org — http://secunia.com/advisories/48090
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| abb | interlink_module | - | |
| abb | irc5_opc_server | - | |
| abb | pc_sdk | - | |
| abb | pickmaster_3 | - | |
| abb | pickmaster_5 | - | |
| abb | robot_communications_runtime | {"endIncluding":"5.14.01"} | |
| abb | robotstudio | - | |
| abb | robview_5 | - | |
| abb | webware_sdk | - | |
| abb | webware_server | - | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html
- http://secunia.com/advisories/48090
- http://www.securityfocus.com/bid/52123
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-12-033/
- http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html
- http://secunia.com/advisories/48090
- http://www.securityfocus.com/bid/52123
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-12-033/
- http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/%24file/si10227a1%20vulnerability%20security%20advisory.pdf
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.