
RVD#65: Stack overflow on RobAPI request

Open aliasbot opened this issue 7 years ago • 4 comments

id: 65
title: 'RVD#65: Stack overflow on RobAPI request'
type: vulnerability
description: 'We found an exploitable memory error (a textbook stack-based buffer
  overflow) in the code that receives RobAPI requests for the DHROOT handler.  Acknowledgement:
  Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin,
  Stefano Zanero'
cwe: CWE-Stack Overflow (CWE-121)
cve: None
keywords:
- components hardware
- 'robot component: IRB140''s main computer'
- 'severity: high'
- 'state: new'
- 'vendor: ABB'
- vulnerability
system: IRB140's main computer
vendor: ABB
severity:
  rvss-score: '7.6'
  rvss-vector: RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:L/I:L/A:N/H:N
  severity-description: critical
  cvss-score: '9.3'
  cvss-vector: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
links:
- https://github.com/aliasrobotics/RVD/issues/65
- https://library.e.abb.com/public/a6b4cd9bf68c4f2f917365d3b4e32275/SI20107%20-%20Advisory%20for%20Multiple%20Vulnerabilities%20in%20ABB%20RobotWare.pdf
- https://conference.hitb.org/files/hitbsecconf2018pek/materials/D2T2%20-%20Hacking%20Robots%20-%20Stefano%20Zanero.pdf
- https://robosec.org/downloads/slides-robosec-sp-2017.pdf
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2017-05-03'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2017-05-03'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/65
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: null

aliasbot avatar Aug 27 '18 09:08 aliasbot

Feedback (automatically generated):

  • FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see Vulnerability report template for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 27 '19 17:10 github-actions[bot]

It seems that RVD#64 and RVD#65 are the same vulnerability (ABBVU-DMRO-124641).

Starsuki avatar Jun 25 '20 03:06 Starsuki

Thanks @Starsuki for the triage. RVD#64 was indeed a duplicate. Closed it and maintaining this one.

vmayoral avatar Jun 25 '20 06:06 vmayoral

I've updated the ticket and added a few more references. Ticket still needs further triage. Feel free to add your views on it @Starsuki.

vmayoral avatar Jun 25 '20 06:06 vmayoral