ABB WebWare Server RobNetScanHost.exe Stack Buffer Overflow

2012-03-01T00:00:00
ID SAINT:BB1C9975F2F3A04EA3928C40603487F2
Type saint
Reporter SAINT Corporation
Modified 2012-03-01T00:00:00

Description

Added: 03/01/2012
CVE: CVE-2012-0245
BID: 52123
OSVDB: 79476

Background

ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks, including managing communication with connected robot controllers.

Problem

WebWare Server (4.6 through 4.91) for Windows is vulnerable to a buffer overflow in the RobNetScanHost service when processing incoming announcements about robot controller availability on the subnet. By sending a specially crafted packet to the server, a remote attacker could possibly execute arbitrary code on the vulnerable target.

Resolution

Apply patches as described in ABB Vulnerability Security Advisory ABB-VU-DMRO-38599.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-033/>
<http://secunia.com/advisories/48090/>

Limitations

This exploit has been tested on ABB WebWare Server 4.91 on Microsoft Windows XP SP3 English (DEP OptIn) with no further patches.

Platforms

Windows