Arbitrary Code Execution Vulnerability in ABB IRC5 and OmniCore Robot Controllers
CVE-2024-1913

7.6HIGH

Key Information:

Vendor: Abb
Status: Robotware 6; Robotware 7
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-1913?

A security vulnerability in ABB's RobotWare impacts the IRC5 and OmniCore robot controllers, enabling an attacker to exploit the system through specially crafted messages. Successful exploitation could lead to unauthorized activities such as stopping the robot's operations, rendering the robot controller inaccessible, or executing arbitrary code. Affected versions of RobotWare include IRC5 - versions earlier than 6.15.06 (excluding 6.10.10 and 6.13.07) and OmniCore - versions earlier than 7.14. Organizations using these products should assess their security posture and implement necessary mitigations to safeguard their robotic systems from potential threats.

Affected Version(s)

RobotWare 6 IRC5 6.0.0 < 6.15.06 except 6.10.10 and 6.13.07

RobotWare 7 OmniCore 7.0 < 7.14

References

https://search.abb.com/library/Download.aspx?DocumentID=S...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Feb 27, 2024

Credit

ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them