0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
FANUC Robotics Virtual Robot Controller 8.23 Path Traversal Vulnerability
Author
Risk
[
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
Product: FANUC Robotics Virtual Robot Controller Manufacturer: FANUC Robotics America, Inc. Affected Version(s): V8.23 Tested Version(s): V8.23 Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) Risk Level: Low Solution Status: Open Manufacturer Notification: 2019-05-22 Solution Date: ? Public Disclosure: 2019-07-15 CVE Reference: CVE-2019-13584 Author of Advisory: Sebastian Hamann, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: FANUC Robotics Virtual Robot Controller is an application for programming simulated industry robots. Due to an insufficient validation of user input, the HTTP service of the application is vulnerable to path traversal attacks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: vrimserve.exe offers an HTTP service on TCP port 8090, which can be used to control virtual robots and view their log files. A path traversal vulnerability was discovered in the log viewer functionality. By sending a specially crafted HTTP request to the web server, files and directories that match the pattern "*.*" can be listed anywhere on the filesystem. Furthermore, the contents of files named "logfile.txt" can be read. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): The string "..%5C" can be used to access the parent directory. Therefore, by accessing a URL similar to the following, it is possible to obtain a list of files (and directories with a . in their name) in the root directory of the C:\ partition (or another partition, depending on the software installation). http://${target_host}:8090/namedrobots/folder/dir/..%5C..%5C..%5C..%5C..%5C..%5C..%5C../ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: The vendor has not yet released a security update. It is recommended not making the remote admin web server (vrimserve.exe) available to untrusted networks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-04-23: Vulnerability discovered 2019-05-22: Vulnerability reported to manufacturer 2019-07-15: Public release of SySS security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Manufacturer website: https://www.fanucamerica.com/ [2] SySS Security Advisory SYSS-2019-025 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-025.txt [3] SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/ # 0day.today [2024-07-03] #