id: 68
title: 'RVD#68: Improper Access Control on IRB140''s FlexPendant'
type: vulnerability
description: "Researchers found some issues in the compliance tool that comes with\
\ the FlexPendant software development kit (SDK). The tool does not actually enforce\
\ certain important restrictions, including preventing the use of namespaces that\
\ allow access to raw file system and RobAPI capabilities. Reported as RVDP.\r\n\
\ \_Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi,\
\ Andrea M. Zanchettin, Stefano Zanero"
cwe: CWE-Improper Access Control - Generic (CWE-284)
cve: None
keywords:
- components hardware
- malformed
- 'robot component: IRB140''s flex pendant'
- 'severity: medium'
- 'state: new'
- 'vendor: ABB'
- vulnerability
system: IRB140's flex pendant
vendor: ABB
severity:
  rvss-score: 6.5
  rvss-vector: RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N
  severity-description: 'medium'
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/68
- https://www.trendmicro.es/media/wp/industrial-robot-security-wp-en.pdf
- https://github.com/aliasrobotics/RVD/issues/63
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2017-05-03'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2017-05-03'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/68
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: null