#VU32979 Resource exhaustion in FANUC products - CVE-2020-12739


Vulnerability identifier: #VU32979

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-12739

CWE-ID: CWE-400

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
FANUC Series 30i-B Plus
Hardware solutions / Other hardware appliances
FANUC Series 31i-B Plus
Hardware solutions / Other hardware appliances
FANUC Series 32i-B Plus
Hardware solutions / Other hardware appliances
FANUC Series 30i-B
Hardware solutions / Other hardware appliances
FANUC Series 31i-B
Hardware solutions / Other hardware appliances
FANUC Series 32i-B
Hardware solutions / Other hardware appliances
FANUC Series 35i-B
Hardware solutions / Other hardware appliances
FANUC Power Motion i-MODEL A
Hardware solutions / Other hardware appliances
FANUC Series 0i-MODEL F Plus
Hardware solutions / Other hardware appliances
FANUC Series 0i-MODEL F
Hardware solutions / Other hardware appliances
FANUC Series 30i-MODEL A
Hardware solutions / Other hardware appliances
FANUC Series 31i-MODEL A
Hardware solutions / Other hardware appliances
FANUC Series 32i-MODEL A
Hardware solutions / Other hardware appliances
FANUC Series 0i-MODEL D
Hardware solutions / Other hardware appliances
FANUC Series 0i-Mate D
Hardware solutions / Other hardware appliances
FANUC Series 0i-MODEL C
Hardware solutions / Other hardware appliances
FANUC Series 16i-MODEL B
Hardware solutions / Other hardware appliances
FANUC Series 18i-MODEL B
Hardware solutions / Other hardware appliances
FANUC Series 21i-MODEL B
Hardware solutions / Other hardware appliances
FANUC Series 0i-MODEL B
Hardware solutions / Other hardware appliances
FANUC Series 16i-WB
Hardware solutions / Other hardware appliances
FANUC Series 18i-WB
Hardware solutions / Other hardware appliances

Vendor: FANUC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FANUC Series 30i-B Plus: All versions

FANUC Series 31i-B Plus: All versions

FANUC Series 32i-B Plus: All versions

FANUC Series 30i-B: All versions

FANUC Series 31i-B: All versions

FANUC Series 32i-B: All versions

FANUC Series 35i-B: All versions

FANUC Power Motion i-MODEL A: All versions

FANUC Series 0i-MODEL F Plus: All versions

FANUC Series 0i-MODEL F: All versions

FANUC Series 30i-MODEL A: All versions

FANUC Series 31i-MODEL A: All versions

FANUC Series 32i-MODEL A: All versions

FANUC Series 0i-MODEL D: All versions

FANUC Series 0i-Mate D: All versions

FANUC Series 0i-MODEL C: All versions

FANUC Series 16i-MODEL B: All versions

FANUC Series 18i-MODEL B: All versions

FANUC Series 21i-MODEL B: All versions

FANUC Series 0i-MODEL B: All versions

FANUC Series 16i-WB: All versions

FANUC Series 18i-WB: All versions

External links
https://jvn.jp/en/jp/JVN84959128/index.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in FANUC i Series CNC