CVE-2020-10292

{"id": "CVE-2020-10292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2020-11-06T12:15:11.743", "references": [{"url": "https://www.visualcomponents.com/products/visual-components/", "tags": ["Vendor Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network license server binds to all interfaces (0.0.0.0) and listensfor packets over UDP port 5093. No authentication/authorization is required in order to communicate with theserver. The protocol being used is a property protocol by RMS Sentinel which provides the licensing infrastructurefor the network license server. RMS Sentinel license manager service exposes UDP port 5093 which provides sensitivesystem information that could be leveraged for further exploitation without any kind of authentication. Thisinformation includes detailed hardware and OS characteristics.After a decryption process, a textual protocol is found which contains a simple header with the requested command,application-identifier, and some arguments. The protocol is vulnerable to DoS through an arbitrary pointerderreference. This flaw allows an attacker to to pass a specially crafted package that, when processed by theservice, causes an arbitrary pointer from the stack to be dereferenced, causing an uncaught exception thatterminates the service. This can be further contructed in combination with RVDP#710 which exploits an informationdisclosure leak, or with RVDP#711 for an stack-overflow and potential code execution.Beyond denying simulations, Visual Components provides capabilities to interface with industrial machinery andautomate certain processes (e.g. testing, benchmarking, etc.) which depending on the DevOps setup might beintegrated into the industrial flow. Accordingly, a DoS in the simulation might have higher repercusions, dependingon the Industrial Control System (ICS) ICS infrastructure."}, {"lang": "es", "value": "Visual Components (propiedad de KUKA) es un simulador rob\u00f3tico que permite simular f\u00e1bricas y robots para mejorar los procesos de planificaci\u00f3n y toma de decisiones. El software Visual Components requiere una licencia especial que puede ser obtenida desde un servidor de licencias de red. El servidor de licencias de red se enlaza a todas las interfaces (0.0.0.0) y escucha los paquetes a trav\u00e9s del puerto UDP 5093. No es requerida una autenticaci\u00f3n y autorizaci\u00f3n para comunicarse con el servidor. El protocolo que es usado es un protocolo propiedad de RMS Sentinel que proporciona la infraestructura de licencias para el servidor de licencias de red. El servicio administrador de licencias de RMS Sentinel expone el puerto UDP 5093 que provee informaci\u00f3n confidencial del sistema que podr\u00eda ser aprovechada para una nueva explotaci\u00f3n sin ning\u00fan tipo de autenticaci\u00f3n. Esta informaci\u00f3n incluye caracter\u00edsticas detalladas de hardware y OS. Despu\u00e9s de un proceso de descifrado, se encuentra un protocolo textual que contiene un encabezado simple con el comando solicitado, el identificador de la aplicaci\u00f3n y algunos argumentos. El protocolo es vulnerable a una DoS por medio de una referencia de puntero arbitraria. Este fallo permite a un atacante pasar un paquete especialmente dise\u00f1ado que, cuando es procesado por el servicio, causa que un puntero arbitrario de la pila sea desreferenciado, provocando una excepci\u00f3n no detectada que finaliza el servicio. Esto se puede construir a\u00fan m\u00e1s en combinaci\u00f3n con RVDP#710 que explota un filtrado de divulgaci\u00f3n de informaci\u00f3n, o con RVDP # 711 para un desbordamiento de la pila y una potencial ejecuci\u00f3n de c\u00f3digo. M\u00e1s all\u00e1 de denegar simulaciones, Visual Components proporciona capacidades para interactuar con maquinaria industrial y automatizar determinados procesos (por ejemplo testing, benchmarking, etc. ) que, seg\u00fan la configuraci\u00f3n de DevOps, podr\u00eda integrarse en el flujo industrial. En consecuencia, una DoS en la simulaci\u00f3n podr\u00eda tener mayores repercusiones, dependiendo de la infraestructura del Sistema de Control Industrial (ICS)"}], "lastModified": "2022-05-13T20:57:13.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kuka:visual_components_network_license_server:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37AF9A3F-EDE2-4943-B441-F32E1669B48A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@aliasrobotics.com"}