Advisories

I’m not a bug hunter, but I do occasionally find and report vulnerabilities as part of my job.

ICS-ALERT-20-217-01

ROS Industrial Robot Motion Servers (KUKA and ABB) insufficient verification of data authenticity leading to arbitrary command execution or denial of service. More details and mitigation at ICS-ALERT-20-217-01.

ICSA-20-098-05

Kuka.Sim Pro v3.1 improper enforcement of message integrity during transmission in a communication channel. More details at ICSA-20-098-05.

CVE-2018-19023

Hetronic replay-attack vulnerability in radio-frequency industrial remote controllers. More details at ICSA-19-003-03, CVE-2018-19023, and ZDI-19-003.

ZDI-CAN-6183

Autec replay-attack vulnerability in radio-frequency industrial remote controllers. The product under testing has reached end of life and is no longer supported by the vendor. More details.

ZDI-18-1336

Juuko replay-attack vulnerability in radio-frequency industrial remote controllers. More details at ZDI-18-1336.

ZDI-CAN-6185

Circuit Design replay-attack vulnerability in radio-frequency module. More details.

ZDI-18-1362

Juuko arbitrary command injection and remote code execution vulnerability in radio-frequency industrial remote controllers. More details at ZDI-18-1362.

ZDI-CAN-6187

Elca replay-attack vulnerability in radio-frequency industrial remote controllers. The product under testing has reached end of life and is no longer supported by the vendor. More details.

CVE-2018-17903

Saga replay-attack vulnerability in radio-frequency industrial remote controllers. More details at ICSA-18-296-02 and CVE-2018-17903.

CVE-2018-17921

Saga TX-RX re-pairing without human interaction in radio-frequency industrial radio controllers. More details at ICSA-18-296-02 and CVE-2018-17921.

CVE-2018-17923

Saga unattended reprogramming in radio-frequency industrial radio remote controllers. More details at ICSA-18-296-02 and CVE-2018-17923.

CVE-2018-17935

Telecrane replay-attack vulnerability in radio-frequency industrial radio remote controllers. More details at ICSA-18-296-03 and CVE-2018-17935.

CVE-2018-11615

mosca 2.8.1 regular expression denial of service. More details at CVE-2018-11615 and ZDI-18-583.

CVE-2018-17614

PubSubClient 2.7 MQTT remote command execution. More details at CVE-2018-17614 and ZDI-18-1337.

CVE-2018-10633

Universal Robots Robot Controllers Version CB 3.1 remote code execution. More details at ICSA-18-191-01.

CVE-2018-10635

Universal Robots Robot Controllers Version CB 3.1 hard-coded credentials. More details at ICSA-18-191-01.

CVE-2017-7653

Eclipse Mosquitto broker up to version 1.4.15 denial of service via invalid Unicode in topic strings. More details at CVE-2017-7653, 532113, and OASIS.

ICS-ALERT-17-209-01

CAN Bus Standard Vulnerability (Resource Exhaustion). More details at ICS-ALERT-17-209-01.

ABBVU-DMRO-124641

ABB RobotWare Buffer overflow leading to arbitrary remote code execution. More details at SI20107.

ABBVU-DMRO-124642

ABB RobotWare Remote command execution. More details at SI20107.

ABBVU-DMRO-124644

ABB RobotWare Authentication bypass. More details at SI20107.

ABBVU-DMRO-124645

ABB RobotWare Buffer overflow in FlexPendant. More details at SI20107.

ABBVU-DMRO-128238

ABB RobotWare Remote buffer overflow in command endpoint. More details at SI20107.