CVE-2024-6157
📋 TL;DR
A NULL pointer dereference vulnerability in the PROFINET stack of ABB RobotWare allows attackers to cause denial of service by sending specially crafted messages. This affects IRC5 robot controllers running vulnerable RobotWare versions, potentially disrupting industrial automation operations.
💻 Affected Systems
- ABB IRC5 Robot Controllers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete robot stoppage leading to production line shutdown, material waste, and safety hazards in automated environments.
Likely Case
Temporary robot unavailability requiring manual intervention and restart, causing production delays.
If Mitigated
Minimal impact if robots are isolated from untrusted networks and monitored for anomalous traffic.
🎯 Exploit Status
Exploitation requires crafting specific PROFINET messages and network access to robot controller.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: RobotWare 6.15.06 or later; also fixed in 6.10.10 and 6.13.07
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=SI20337&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download RobotWare 6.15.06 or later from ABB support portal. 2. Backup robot configuration. 3. Install update following ABB documentation. 4. Restart robot controller. 5. Verify PROFINET communication functionality.
🔧 Temporary Workarounds
Network Segmentation
allIsolate robot controllers from untrusted networks using firewalls or VLANs
PROFINET Traffic Filtering
allConfigure network devices to filter unexpected PROFINET traffic to robot controllers
🧯 If You Can't Patch
- Implement strict network access controls to limit PROFINET traffic to authorized sources only
- Monitor robot controller logs for unusual PROFINET communication patterns and implement alerting
🔍 How to Verify
Check if Vulnerable:
Check RobotWare version via robot controller interface: System Parameters > Controller > RobotWare VersionCheck Version:
No CLI command; check via robot controller FlexPendant or web interfaceVerify Fix Applied:
Verify RobotWare version is 6.15.06 or later, or specifically 6.10.10 or 6.13.07📡 Detection & Monitoring
Log Indicators:
- Robot controller crash/restart logs
- PROFINET communication errors
- Unexpected robot stoppage events
Network Indicators:
- Unusual PROFINET traffic patterns to robot controllers
- Malformed PROFINET packets
SIEM Query:
source="robot_controller" AND (event_type="crash" OR event_type="unexpected_stop")