CVE-2019-13585

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on FANUC Robotics Virtual Robot Controller 8.23 by sending a specially crafted HTTP request to the admin webserver, causing a buffer overflow. It affects industrial control systems using this specific FANUC software version.

💻 Affected Systems

Products:
  • FANUC Robotics Virtual Robot Controller
Versions: 8.23
Operating Systems: Specific to FANUC controller platform
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the remote admin webserver component specifically. Physical robot controllers may also be affected if running this software version.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing remote code execution, potential takeover of robotic control systems, and physical safety risks in industrial environments.

🟠 Likely Case: Remote code execution leading to unauthorized access, data theft, or disruption of robotic operations.

🟢 If Mitigated: Limited impact if webserver is isolated from critical control systems and network segmentation is implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP requests without authentication.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated attackers to compromise systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on Packet Storm and in other security advisories. Exploitation requires sending a forged HTTP request to the admin interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with FANUC for updated version

Vendor Advisory: Contact FANUC directly as no public advisory URL is provided in references

Restart Required: Yes

Instructions:

  1. Contact FANUC support for patch availability
  2. Apply the official patch
  3. Restart the controller
  4. Verify the fix

🔧 Temporary Workarounds

Network Isolation

Isolate the controller from untrusted networks and restrict access to admin webserver

Access Control

Implement strict firewall rules to limit HTTP access to trusted IP addresses only

🧯 If You Can't Patch

  • Segment the network to isolate the controller from other systems
  • Implement strict network access controls and monitor for suspicious HTTP traffic

🔍 How to Verify

Check if Vulnerable:

Check controller software version. If running 8.23, assume vulnerable. Test with controlled exploit if authorized.

Check Version:

Check through FANUC controller interface or consult system documentation

Verify Fix Applied:

Verify software version is updated beyond 8.23 and test that forged HTTP requests no longer cause buffer overflow.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to admin interface
  • Buffer overflow error messages in system logs
  • Unexpected process crashes

Network Indicators:

  • Malformed HTTP requests to controller port
  • Traffic patterns indicating exploit attempts

SIEM Query:

source_ip:* AND dest_ip:CONTROLLER_IP AND (dest_port:80 OR dest_port:443) AND http_request:*admin* AND (http_request_length > threshold OR contains(http_request, overflow_pattern))
