Vulnerability Description
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fanuc | R-30Ia Firmware | 7.20 |
| Fanuc | R-30Ia | - |
| Fanuc | R-30Ia Mate Firmware | 7.20 |
| Fanuc | R-30Ia Mate | - |
| Fanuc | R-30Ib Mate Firmware | 8.10 |
| Fanuc | R-30Ib Mate | - |
| Fanuc | R-30Ib Compact Firmware | 8.10 |
| Fanuc | R-30Ib Compact | - |
| Fanuc | R-30Ib Firmware | 8.10 |
| Fanuc | R-30Ib | - |
| Fanuc | R-30Ib Mate Plus Firmware | 9.10 |
| Fanuc | R-30Ib Mate Plus | - |
| Fanuc | R-30Ib Compact Plus Firmware | 9.10 |
| Fanuc | R-30Ib Compact Plus | - |
| Fanuc | R-30Ib Mini Plus Firmware | 9.10 |
| Fanuc | R-30Ib Mini Plus | - |
| Fanuc | R-30Ib Plus Firmware | 9.10 |
| Fanuc | R-30Ib Plus | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-243-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-32998?
CVE-2021-32998 is a vulnerability with a CVSS score of 7.4 (HIGH). The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
How severe is CVE-2021-32998?
CVE-2021-32998 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32998?
Check the references section above for vendor advisories and patch information. Affected products include: Fanuc R-30Ia Firmware, Fanuc R-30Ia, Fanuc R-30Ia Mate Firmware, Fanuc R-30Ia Mate, Fanuc R-30Ib Mate Firmware.