CVE-2021-32996

7.5 HIGH

📋 TL;DR

FANUC R-30iA and R-30iB industrial robot controllers contain integer coercion errors that can cause device crashes requiring restart. This affects manufacturing and industrial environments using these specific robot controllers.

💻 Affected Systems

Products:
  • FANUC R-30iA
  • FANUC R-30iB
Versions: All versions prior to patching
Operating Systems: FANUC proprietary controller OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects industrial robot controllers used in manufacturing environments. These are typically air-gapped or segmented from corporate networks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Production line disruption due to controller crashes requiring manual intervention and restart, potentially causing physical damage if robots stop in unsafe positions.

🟠 Likely Case

Temporary production stoppage while controllers are restarted, causing minor operational delays.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: LOW - Industrial controllers should never be directly internet-facing; proper segmentation should prevent external exploitation.
🏢 Internal Only: MEDIUM - Attackers with internal network access could disrupt production operations by exploiting this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Integer coercion errors typically require specific malformed input to trigger. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact FANUC for specific firmware updates

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02

Restart Required: Yes

Instructions:

1. Contact FANUC support for firmware updates.
2. Schedule a maintenance window.
3. Back up the controller configuration.
4. Apply the firmware update.
5. Restart the controller.
6. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate robot controllers from general network traffic using firewalls and VLANs.

Access Control (applies to: all)

Restrict network access to controllers to only authorized maintenance systems.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate controllers
  • Monitor controller health and network traffic for anomalous activity

🔍 How to Verify

Check if Vulnerable:

Check controller model and firmware version against FANUC advisory

Check Version:

Check via FANUC controller interface or maintenance software

Verify Fix Applied:

Verify firmware version has been updated to patched version from FANUC

📡 Detection & Monitoring

Log Indicators:

  • Unexpected controller restarts
  • Error logs indicating integer overflow or coercion

Network Indicators:

  • Unusual network traffic to controller ports
  • Multiple connection attempts to controller

SIEM Query:

source="controller_logs" AND (event="crash" OR event="restart")
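The two log indicators above (repeated crash/restart cycles and error messages that name an integer overflow or coercion) can be checked outside a SIEM as well. The following script is an added example, not code from FANUC, CISA or this advisory: it parses a constructed, hypothetical controller log format (timestamp, controller id, `event=`, `msg=`), applies the same `crash OR restart` filter as the SIEM query, and adds a rate condition so that a single scheduled restart is not flagged while a burst of crash/restart events on one controller is.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format; these are not real
# FANUC controller output. Controller ids and messages are made up.
SAMPLE_LOGS = """\
2021-09-01T08:00:01Z R30iB-07 event=heartbeat msg="ok"
2021-09-01T08:00:31Z R30iB-07 event=crash msg="integer coercion error in packet handler"
2021-09-01T08:01:05Z R30iB-07 event=restart msg="controller restarted"
2021-09-01T08:01:40Z R30iB-07 event=crash msg="integer coercion error in packet handler"
2021-09-01T08:02:15Z R30iB-07 event=restart msg="controller restarted"
2021-09-01T08:03:00Z R30iA-02 event=restart msg="scheduled maintenance restart"
2021-09-01T12:00:00Z R30iB-07 event=heartbeat msg="ok"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ctrl>\S+) event=(?P<event>\S+) msg="(?P<msg>[^"]*)"$'
)
INTEGER_ERROR_RE = re.compile(r"integer (overflow|coercion)", re.IGNORECASE)


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def parse_logs(text):
    """Parse a multi-line log blob, silently skipping malformed lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def integer_error_events(records):
    """Log indicator: error messages naming an integer overflow or coercion.
    Returns (controller, timestamp) pairs."""
    return [(r["ctrl"], r["ts"]) for r in records if INTEGER_ERROR_RE.search(r["msg"])]


def restart_bursts(records, window=timedelta(minutes=10), threshold=3):
    """Log indicator: unexpected controller restarts.

    Same filter as the SIEM query (event is crash or restart) plus a rate
    condition: a controller is flagged when at least `threshold` such events
    fall inside any sliding window of length `window`. Returns a dict of
    controller id -> peak event count in the window."""
    per_ctrl = defaultdict(list)
    for r in records:
        if r["event"] in ("crash", "restart"):
            per_ctrl[r["ctrl"]].append(r["ts"])
    flagged = {}
    for ctrl, times in per_ctrl.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            # Advance the window start until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ctrl] = best
    return flagged


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for ctrl, count in restart_bursts(recs).items():
        print(f"ALERT: {ctrl} had {count} crash/restart events within 10 minutes")
    for ctrl, ts in integer_error_events(recs):
        print(f"ALERT: {ctrl} logged an integer coercion/overflow error at {ts:%H:%M:%S}")
```

On the constructed sample, only R30iB-07 is flagged: its four crash/restart events in under two minutes exceed the threshold, while the single scheduled restart on R30iA-02 does not. Tune `window` and `threshold` to the restart frequency that is normal for your line.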
