CVE-2021-32998

Published Jan 10, 2022
Last updated 3 years ago
CVSS high 7.4
Overview

Description: The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.4
Impact score: 5.2
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 8.8
Impact score: 9.2
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-787
ics-cert@hq.dhs.gov: CWE-787
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5330143-E90D-4A39-AB80-6355339C505C"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F521607-1BD1-464B-B84E-87C312FB1458"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A76373A-B737-4FCD-97DE-403185FE3484"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A1AA6E-B4C1-4D1F-BBD5-479BCA0FCDB5"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA808E46-5807-43CF-8B5A-415BE815F1DD"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.63:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47F0E0F7-D634-47B1-8C3A-FF5B6701FF63"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_firmware:7.70:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57979C61-590D-48F6-B81C-8FFC38753943"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ia:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C1FCE2E-7FB5-485F-9988-0E60E0920E55"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0BFC3FD-5DC5-4A64-8C9A-7408FF091BD2"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "839A495D-487D-4A07-A486-FF06646DD319"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64D21270-85D1-469B-8043-4F28A90C924F"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7F6094F-1A32-4D98-81FC-1B985BEECAB9"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D5246EF-BCB6-461F-A912-44B681501BB7"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.63:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C83B4133-EE21-4B5C-BBEE-B179F384254B"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ia_mate_firmware:7.70:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA180D09-18ED-4656-B460-FCDCD39AB4A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ia_mate:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4DCE050F-1062-4456-8C4E-6F9C649D55F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6975C033-7695-44EE-9C9A-A81069C365CF"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC553460-B492-4061-9322-1876E6E06008"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A32EC2AD-BA02-496E-983C-65BBFC77892E"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC3B973-F784-4407-991C-8A7815BE0A57"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5ECC95E-8297-4539-B365-D6DFB268E91D"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E35D08-9A90-47AD-BFCA-F9CB369B042E"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6AA7F96-98BB-4F72-8EE7-D1BA529AE399"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_firmware:8.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59024A73-BAE6-493C-BF8D-5C1D36A84234"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_mate:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E32A68FE-FF9E-4FC5-B4DD-67242BC632B5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3C91206-B54C-4E41-96AF-7A59CFBDD516"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B5C56CC-50A7-4697-8504-F30137C1B5C5"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E75BF9-7FBE-47C7-AA07-2C440D4E10E6"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC936B5A-CC17-42E5-B5D5-203298A1E01F"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "864EEF01-51CB-4BB4-8808-460DCB0DAEE1"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAF3A19-D4A4-41E4-9B29-8436EF6A83D0"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC3EB58D-9719-4AD8-8788-E394DBF776C8"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_firmware:8.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81C33E27-1FD6-4353-B4E5-99A225DEF0AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_compact:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1DAB826E-541C-4A73-B9E1-FE6B002111CD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C52D665-0E74-488A-9988-CA033BA5E951"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46AF6F6E-A162-4850-A0A9-C74AC38A94D2"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2F10B87-9412-4007-91CB-E3D95525758B"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F54846C-FBA4-456D-B2D3-341828929FD0"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BAAF98F-A594-47B0-8261-09BAB2AD17FA"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDED6882-2C06-4D67-9552-A1B6938229BF"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A68621-6216-4CD7-916C-E31D783F0DE1"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_firmware:8.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "863A7BC5-C0F5-4528-8A21-D04D9D31AE97"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8DF78494-4464-409E-85CC-2DEEBDC5D2E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31FE32D8-4D63-49B5-92D2-FE41D4DEDD7C"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5456471-AE98-438A-890F-7FB5C8A09405"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9170D349-E0D7-46B4-80E8-83506A0F5D78"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85554BF1-D5E4-4379-91C5-356490BB49DB"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D421824D-3F11-443C-8E5D-4B294A732B97"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mate_plus_firmware:9.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FB317E6-15F4-4AD3-A951-0C9D23784478"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_mate_plus:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FFB97399-05B1-4BAE-88D9-F7C4E73A4C59"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B96D5343-FDE7-4065-AE1F-86C409F61E05"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20002FF3-03F6-4BC1-97CC-7D41A453F961"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9901D6B-3D0C-4D8E-B8F7-5CA0005239AA"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7FB9180-E37A-4722-8F09-D35891396DA6"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBAC639A-4554-4335-BA8E-A40D07979E5B"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_compact_plus_firmware:9.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A26BA06-0920-49B7-B4D2-EB70C9DB1DDB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_compact_plus:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FE1F5E5B-769F-4CE7-8BEC-8013981AE009"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A598FBB7-4A1D-45D4-BC93-2F9C48439BE7"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA331696-13AA-4588-8EB8-B9DDDE61C853"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8AF13EC-758F-447D-8B82-2B34538B200C"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAE2E2FC-88B4-4219-9E34-F1EE0639A65D"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A347C273-D19F-40A4-99B4-86D33032F257"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_mini_plus_firmware:9.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98274BF3-58B0-453F-B479-654600C81085"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_mini_plus:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E4F1334D-51B0-42D1-8427-1E9365F3D526"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E518BE35-F3C5-4D88-807B-DB3444DB36F0"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1794F756-AB92-4D28-957B-46736BDA5ECB"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3A3DC78-2D49-499A-B5A3-4AF612D34AF9"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A083CB-B642-4437-8CF2-10EF199C260D"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82ADA892-078E-4BEC-A716-667BEEBAA813"
          },
          {
            "criteria": "cpe:2.3:o:fanuc:r-30ib_plus_firmware:9.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7AA5F91-6F05-4BA7-872F-B8DFF7F72D94"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fanuc:r-30ib_plus:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91FB7C00-AD90-4162-9EA9-8B2572AA5BDD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
