aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#65: Stack overflow on RobAPI request #65

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago
id: 65
title: 'RVD#65: Stack overflow on RobAPI request'
type: vulnerability
description: 'We found an exploitable memory error (a textbook stack-based buffer
  overflow) in the code that receives RobAPI requests for the DHROOT handler.  Acknowledgement:
  Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin,
  Stefano Zanero'
cwe: CWE-Stack Overflow (CWE-121)
cve: None
keywords:
- components hardware
- 'robot component: IRB140''s main computer'
- 'severity: high'
- 'state: new'
- 'vendor: ABB'
- vulnerability
system: IRB140's main computer
vendor: ABB
severity:
  rvss-score: '7.6'
  rvss-vector: RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:L/I:L/A:N/H:N
  severity-description: critical
  cvss-score: '9.3'
  cvss-vector: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
links:
- https://github.com/aliasrobotics/RVD/issues/65
- https://library.e.abb.com/public/a6b4cd9bf68c4f2f917365d3b4e32275/SI20107%20-%20Advisory%20for%20Multiple%20Vulnerabilities%20in%20ABB%20RobotWare.pdf
- https://conference.hitb.org/files/hitbsecconf2018pek/materials/D2T2%20-%20Hacking%20Robots%20-%20Stefano%20Zanero.pdf
- https://robosec.org/downloads/slides-robosec-sp-2017.pdf
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2017-05-03'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2017-05-03'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/65
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: null

github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

Starsuki commented 4 years ago

It seems that RVD#64 and RVD#65 are the same vulnerability (ABBVU-DMRO-124641).

vmayoral commented 4 years ago

Thanks @Starsuki for the triage. RVD#64 was indeed a duplicate. Closed it and maintaining this one.

vmayoral commented 4 years ago

I've updated the ticket and added a few more references. Ticket still needs further triage. Feel free to add your views on it @Starsuki.