Unauthorized Actions in ABB Robot Controller Due to Specific Message Processing Flaw
CVE-2024-1914
6.5 MEDIUM
Key Information:
- Vendor: ABB
- Status
- Robotware 6
- Robotware 7
- CVE Published: 14 May 2024
Summary
A serious vulnerability in ABB's RobotWare could allow attackers to craft specific messages that lead to unauthorized actions, stopping the robot and making the robot controller inaccessible. This is particularly concerning for users operating affected versions, as it poses risks to system integrity and operational continuity. Operators should evaluate their systems against the affected versions and patch them to safeguard against potential exploitation.
Affected Version(s)
RobotWare 6 IRC5 6.0.0 < 6.15.06 except 6.10.10 and 6.13.07
RobotWare 7 OmniCore 7.0 < 7.14
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB thanks Yuncheng Wang, Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China for responsibly reporting the vulnerabilities and working with us as we addressed them.