Open
Description
id: 65
title: 'RVD#65: Stack overflow on RobAPI request'
type: vulnerability
description: 'We found an exploitable memory error (a textbook stack-based buffer
overflow) in the code that receives RobAPI requests for the DHROOT handler. Acknowledgement:
Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin,
Stefano Zanero'
cwe: CWE-Stack Overflow (CWE-121)
cve: None
keywords:
- components hardware
- 'robot component: IRB140''s main computer'
- 'severity: high'
- 'state: new'
- 'vendor: ABB'
- vulnerability
system: IRB140's main computer
vendor: ABB
severity:
rvss-score: '7.6'
rvss-vector: RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:L/I:L/A:N/H:N
severity-description: critical
cvss-score: '9.3'
cvss-vector: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
links:
- https://github.com/aliasrobotics/RVD/issues/65
- https://library.e.abb.com/public/a6b4cd9bf68c4f2f917365d3b4e32275/SI20107%20-%20Advisory%20for%20Multiple%20Vulnerabilities%20in%20ABB%20RobotWare.pdf
- https://conference.hitb.org/files/hitbsecconf2018pek/materials/D2T2%20-%20Hacking%20Robots%20-%20Stefano%20Zanero.pdf
- https://robosec.org/downloads/slides-robosec-sp-2017.pdf
flaw:
phase: unknown
specificity: N/A
architectural-location: N/A
application: N/A
subsystem: N/A
package: N/A
languages: None
date-detected: '2017-05-03'
detected-by: ''
detected-by-method: N/A
date-reported: '2017-05-03'
reported-by: ''
reported-by-relationship: N/A
issue: https://github.com/aliasrobotics/RVD/issues/65
reproducibility: ''
trace: null
reproduction: ''
reproduction-image: ''
exploitation:
description: ''
exploitation-image: ''
exploitation-vector: ''
exploitation-recipe: ''
mitigation:
description: ''
pull-request: ''
date-mitigation: null