aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

Multiple stack-based buffer overflows in RobNetScanHost.exe #725

Closed vmayoral closed 4 years ago

vmayoral commented 4 years ago
{
    "id": 725,
    "title": "Multiple stack-based buffer overflows in RobNetScanHost.exe",
    "type": "vulnerability",
    "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem). RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02 is used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server.",
    "cwe": "CWE-119",
    "cve": "CVE-2012-0245",
    "keywords": "['vendor: ABB', 'robot component: ABB Robot Communications Runtime', 'robot component: ABB Interlink Module', 'robot component: ABB IRC5 OPC Server', 'robot component: ABB PC SDK', 'robot component: ABB PickMaster 3', 'robot component: PickMaster 5', 'robot component: RobView 5', 'robot component: RobotStudio', 'robot component: WebWare SDK', 'robot component: WebWare Server']",
    "system": "",
    "vendor": "ABB",
    "severity": {
        "rvss-score": 0,
        "rvss-vector": "",
        "severity-description": "",
        "cvss-score": 10.0,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/Au:N/C:C/I:C/A:C"
    },
    "links": [
        "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html",
        "http://secunia.com/advisories/48090",
        "http://www.securityfocus.com/bid/52123",
        "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf",
        "http://www.zerodayinitiative.com/advisories/ZDI-12-033/",
        "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf",
        "https://github.com/aliasrobotics/RVD/issues/725"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2011-10-10",
        "detected-by": "Luigi Auriemma via TippingPoint Zero Day Initiative.",
        "detected-by-method": "N/A",
        "date-reported": "2012-03-09",
        "reported-by": "cve@mitre.org",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/725",
        "reproducibility": "",
        "trace": "",
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": "2012-02-22"
    }
}
vmayoral commented 4 years ago

Vulnerability was apparently patched, but the security advisory is not available anymore. Closing to indicate that it was patched and mitigated.

vmayoral commented 4 years ago

Assigned date-mitigation the date of the coordinated public disclosure according to https://www.zerodayinitiative.com/advisories/ZDI-12-033/