Key Information

Advisory ID: SYSS-2019-024
Product: FANUC Robotics Virtual Robot Controller
Manufacturer: FANUC Robotics America, Inc.
Affected Version(s): V8.23
Tested Version(s): V8.23
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)
Risk Level: High
Solution Status: Open
Solution Date: ?
Public Disclosure: 2019-07-15
CVE Reference: CVE-2019-13585
Author of Advisory: Sebastian Hamann, SySS GmbH

Overview

FANUC Robotics Virtual Robot Controller is an application for programming simulated industrial robots. Due to a stack-based buffer overflow, the remote admin web server (vrimserve.exe) is vulnerable to denial-of-service and remote code execution attacks.

Vulnerability Details

The offers an HTTP service on TCP port 8090. A buffer overflow vulnerability was discovered in the log viewer functionality. Sending a crafted HTTP request can crash the application, causing a denial-of-service condition. Remote code execution may also be possible.

Proof of Concept (PoC)

Solution

The vendor has not yet released a security update. It is recommended not to make the remote admin web server ( ) available to untrusted networks.

Disclosure Timeline

2019-04-23: Vulnerability discovered
2019-05-22: Vulnerability reported to manufacturer
2019-07-15: Public release of SySS security advisory

References

1. https://www.fanucamerica.com/
2. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-024.txt
3. https://www.syss.de/en/news/responsible-disclosure-policy/
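
One way to apply the recommendation in the Solution section on a Windows host, shown as an added example that is not part of the SySS advisory or any FANUC tooling: it lists listeners on TCP port 8090, reports whether they are bound beyond loopback, and adds an inbound block rule if so. The port and process name come from the advisory; the rule name and function name are hypothetical, and the script assumes an elevated PowerShell session with the built-in NetTCPIP and NetSecurity modules.

```powershell
# Added example: audit and restrict exposure of the remote admin web server.
# Port 8090 and vrimserve.exe are taken from the advisory text.
$Port     = 8090
$RuleName = 'Block inbound TCP 8090 (SYSS-2019-024)'   # hypothetical rule name

function Get-VrimserveExposure {                        # hypothetical helper
    param([int]$LocalPort = 8090)
    # One object per TCP listener on the port, with owner and bind scope.
    Get-NetTCPConnection -State Listen -LocalPort $LocalPort -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                Process      = $proc.ProcessName
                # A loopback-only bind cannot be reached from other hosts.
                Reachable    = $_.LocalAddress -notin @('127.0.0.1', '::1')
            }
        }
}

$listeners = @(Get-VrimserveExposure -LocalPort $Port)
if ($listeners.Count -eq 0) {
    Write-Output "No listener on TCP $Port."
}
else {
    $listeners | Format-Table -AutoSize

    # Flag anything other than the expected binary holding the port.
    $listeners | Where-Object { $_.Process -ne 'vrimserve' } | ForEach-Object {
        Write-Warning "TCP $Port is owned by '$($_.Process)' (PID $($_.ProcessId)), not vrimserve."
    }

    if ($listeners | Where-Object Reachable) {
        Write-Warning "TCP $Port is bound to a network-reachable address."
        # Block rules take precedence over allow rules in Windows Firewall.
        # Assumption: local use over loopback is not affected by this rule.
        if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
                -Protocol TCP -LocalPort $Port -Action Block -Profile Any | Out-Null
            Write-Output "Added firewall rule: $RuleName"
        }
    }
}
```

The rule can be removed with Remove-NetFirewallRule -DisplayName once a vendor fix is installed.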