Search criteria
5 vulnerabilities by FANUC
CVE-2021-43988 (GCVE-0-2021-43988)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Title
ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
Summary
The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights.
Severity ?
6.1 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:36.544578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:37.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:31.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43988",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43988",
"datePublished": "2022-04-20T15:30:31.734Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:37.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43933 (GCVE-0-2021-43933)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Title
ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
Summary
The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources.
Severity ?
6.1 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:41.984140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:45.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43933",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43933",
"datePublished": "2022-04-20T15:30:30.872Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:45.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38483 (GCVE-0-2021-38483)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:28
VLAI?
Title
ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
Summary
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:46.426654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:52.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:30.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-38483",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-38483",
"datePublished": "2022-04-20T15:30:30.126Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:52.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43986 (GCVE-0-2021-43986)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:29
VLAI?
Title
ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
Summary
The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:49.356686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:00.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:29.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43986",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43986",
"datePublished": "2022-04-20T15:30:29.227Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:00.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43990 (GCVE-0-2021-43990)
Vulnerability from cvelistv5 – Published: 2022-04-20 15:30 – Updated: 2025-04-16 16:29
VLAI?
Title
ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
Summary
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call.
Severity ?
6.1 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Sharon Brizinov with Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:53.308160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:29:08.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ROBOGUIDE",
"vendor": "FANUC",
"versions": [
{
"lessThan": "v9.40083.00.05 (Rev T)",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T15:30:28.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
],
"solutions": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
},
"title": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-19T21:16:00.000Z",
"ID": "CVE-2021-43990",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ROBOGUIDE",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v9.40083.00.05 (Rev T)"
}
]
}
}
]
},
"vendor_name": "FANUC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov with Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-109-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "FANUC has created a new version to address these vulnerabilities. Users may obtain and install the new version by downloading ROBOGUIDE v9 Rev U or higher from the FANUC or FANUC America website (login required)."
}
],
"source": {
"advisory": "ICSA-22-109-03",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43990",
"datePublished": "2022-04-20T15:30:28.424Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:29:08.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}