Lucene search

[email protected]CVE-2021-32998

HistoryJan 10, 2022 - 2:10 p.m.

CVE-2021-32998

2022-01-1014:10:17

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-32998

fanuc

r-30ia

r-30ib

out-of-bounds write

remote code execution

security vulnerability

nvd

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.

Affected configurations

NVD

Node

fanucr-30ia_firmwareMatch7.20

fanucr-30ia_firmwareMatch7.30

fanucr-30ia_firmwareMatch7.40

fanucr-30ia_firmwareMatch7.43

fanucr-30ia_firmwareMatch7.50

fanucr-30ia_firmwareMatch7.63

fanucr-30ia_firmwareMatch7.70

AND

fanucr-30iaMatch-

Node

fanucr-30ia_mate_firmwareMatch7.20

fanucr-30ia_mate_firmwareMatch7.30

fanucr-30ia_mate_firmwareMatch7.40

fanucr-30ia_mate_firmwareMatch7.43

fanucr-30ia_mate_firmwareMatch7.50

fanucr-30ia_mate_firmwareMatch7.63

fanucr-30ia_mate_firmwareMatch7.70

AND

fanucr-30ia_mateMatch-

Node

fanucr-30ib_mate_firmwareMatch8.10

fanucr-30ib_mate_firmwareMatch8.13

fanucr-30ib_mate_firmwareMatch8.20

fanucr-30ib_mate_firmwareMatch8.23

fanucr-30ib_mate_firmwareMatch8.26

fanucr-30ib_mate_firmwareMatch8.30

fanucr-30ib_mate_firmwareMatch8.33

fanucr-30ib_mate_firmwareMatch8.36

AND

fanucr-30ib_mateMatch-

Node

fanucr-30ib_compact_firmwareMatch8.10

fanucr-30ib_compact_firmwareMatch8.13

fanucr-30ib_compact_firmwareMatch8.20

fanucr-30ib_compact_firmwareMatch8.23

fanucr-30ib_compact_firmwareMatch8.26

fanucr-30ib_compact_firmwareMatch8.30

fanucr-30ib_compact_firmwareMatch8.33

fanucr-30ib_compact_firmwareMatch8.36

AND

fanucr-30ib_compactMatch-

Node

fanucr-30ib_firmwareMatch8.10

fanucr-30ib_firmwareMatch8.13

fanucr-30ib_firmwareMatch8.20

fanucr-30ib_firmwareMatch8.23

fanucr-30ib_firmwareMatch8.26

fanucr-30ib_firmwareMatch8.30

fanucr-30ib_firmwareMatch8.33

fanucr-30ib_firmwareMatch8.36

AND

fanucr-30ibMatch-

Node

fanucr-30ib_mate_plus_firmwareMatch9.10

fanucr-30ib_mate_plus_firmwareMatch9.13

fanucr-30ib_mate_plus_firmwareMatch9.16

fanucr-30ib_mate_plus_firmwareMatch9.30

fanucr-30ib_mate_plus_firmwareMatch9.36

fanucr-30ib_mate_plus_firmwareMatch9.40

AND

fanucr-30ib_mate_plusMatch-

Node

fanucr-30ib_compact_plus_firmwareMatch9.10

fanucr-30ib_compact_plus_firmwareMatch9.13

fanucr-30ib_compact_plus_firmwareMatch9.16

fanucr-30ib_compact_plus_firmwareMatch9.30

fanucr-30ib_compact_plus_firmwareMatch9.36

fanucr-30ib_compact_plus_firmwareMatch9.40

AND

fanucr-30ib_compact_plusMatch-

Node

fanucr-30ib_mini_plus_firmwareMatch9.10

fanucr-30ib_mini_plus_firmwareMatch9.13

fanucr-30ib_mini_plus_firmwareMatch9.16

fanucr-30ib_mini_plus_firmwareMatch9.30

fanucr-30ib_mini_plus_firmwareMatch9.36

fanucr-30ib_mini_plus_firmwareMatch9.40

AND

fanucr-30ib_mini_plusMatch-

Node

fanucr-30ib_plus_firmwareMatch9.10

fanucr-30ib_plus_firmwareMatch9.13

fanucr-30ib_plus_firmwareMatch9.16

fanucr-30ib_plus_firmwareMatch9.30

fanucr-30ib_plus_firmwareMatch9.36

fanucr-30ib_plus_firmwareMatch9.40

AND

fanucr-30ib_plusMatch-

CPENameOperatorVersion
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.20
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.30
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.40
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.43
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.50
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.63
fanuc:r-30ia_firmwarefanuc r-30ia firmwareeq7.70

CPE	Name	Operator	Version
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.20
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.30
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.40
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.43
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.50
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.63
fanuc:r-30ia_firmware	fanuc r-30ia firmware	eq	7.70

CNA Affected

[
  {
    "product": "R-30iA, R-30iA Mate",
    "vendor": "FANUC",
    "versions": [
      {
        "lessThanOrEqual": "v7.70",
        "status": "affected",
        "version": " v7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "R-30iB, R-30iB Mate, R-30iB Compact",
    "vendor": "FANUC",
    "versions": [
      {
        "lessThanOrEqual": "v8.36",
        "status": "affected",
        "version": "v8",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus",
    "vendor": "FANUC",
    "versions": [
      {
        "lessThanOrEqual": "v9.40",
        "status": "affected",
        "version": "V9",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-21-243-02

8.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVE-2021-32998

nessus1 cvelist1 nvd1 prion1 ics1