CVE-2024-1914
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in ABB RobotWare that allows attackers to cause denial of service conditions. When exploited, specially crafted messages can make robot controllers inaccessible or stop robots entirely. Affected systems include IRC5 controllers running RobotWare 6 (except specific patched versions) and OmniCore controllers running RobotWare 7 below version 7.14.
💻 Affected Systems
- ABB IRC5 Robot Controllers
- ABB OmniCore Robot Controllers
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete loss of control over industrial robots, production line shutdowns, and potential safety hazards if robots stop unexpectedly during operations.
Likely Case
Temporary denial of service causing robot controller inaccessibility and production interruptions until systems are rebooted or restored.
If Mitigated
Limited impact with proper network segmentation and message filtering, potentially causing only brief service interruptions.
🎯 Exploit Status
Exploitation requires crafting specific messages and network access to vulnerable controllers. No authentication is required once network access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: RobotWare 6.15.06 or 7.14 and above
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download appropriate RobotWare update from ABB support portal. 2. Backup current configuration. 3. Apply update following ABB's RobotWare update procedures. 4. Restart robot controllers. 5. Verify version with RobotStudio or controller interface.
🔧 Temporary Workarounds
Network Segmentation
allIsolate robot controllers from untrusted networks using firewalls and VLANs
Message Filtering
allImplement network filtering to block suspicious or malformed messages to robot controllers
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with robot controllers
- Monitor network traffic to robot controllers for unusual patterns or malformed messages
🔍 How to Verify
Check if Vulnerable:
Check RobotWare version in RobotStudio or on controller interface. For IRC5: versions below 6.15.06 (except 6.10.10 and 6.13.07) are vulnerable. For OmniCore: versions below 7.14 are vulnerable.Check Version:
Use RobotStudio or check controller display for version information. No universal command exists across all ABB robot platforms.Verify Fix Applied:
Confirm RobotWare version is 6.15.06 or higher for IRC5, or 7.14 or higher for OmniCore. Test controller functionality and network communication.📡 Detection & Monitoring
Log Indicators:
- Unexpected controller restarts
- Network connection errors to robot controllers
- Controller status changes to 'fault' or 'stopped'
Network Indicators:
- Unusual traffic patterns to robot controller ports
- Malformed network packets to robot controllers
- Multiple connection attempts to robot services
SIEM Query:
source="robot_controller" AND (event_type="crash" OR event_type="restart" OR status="fault")