CVE-2023-1864 - Vulnerability Details - OpenCVE

Description

FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to
a path traversal, which could allow an attacker to remotely read files
on the system running the affected software.

Published: 2023-06-07

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

FANUC

ROBOGUIDE-HandlingPRO

unaffected

Version	Status	Constraints
`0`	affected	≤ 9 Rev.ZD

Configuration 1 [-]

AND

cpe:2.3:o:fanuc:roboguide_handlingpro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fanuc:roboguide_handlingpro:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

FANUC recommends users update to the latest version https://myportal.fanucamerica.com/ .

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-24066	FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0013.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01

History

Mon, 06 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Fanuc Roboguide Handlingpro Roboguide Handlingpro Firmware

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-06-07T20:43:17.256Z

Updated: 2025-01-06T21:23:18.779Z

Reserved: 2023-04-05T13:21:28.753Z

Link: CVE-2023-1864

Vulnrichment

Updated: 2024-08-02T06:05:26.785Z

NVD

Status : Modified

Published: 2023-06-07T21:15:13.037

Modified: 2024-11-21T07:40:02.813

Link: CVE-2023-1864

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1864", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-04-05T13:21:28.753Z", "datePublished": "2023-06-07T20:43:17.256Z", "dateUpdated": "2025-01-06T21:23:18.779Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ROBOGUIDE-HandlingPRO", "vendor": "FANUC ", "versions": [{"lessThanOrEqual": "9 Rev.ZD", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yenting Lee of TXOne Networks reported this vulnerability to CISA. "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nFANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"}], "value": "FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-06-07T20:43:17.256Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nFANUC recommends users update to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://myportal.fanucamerica.com/\">latest version</a>. \n\n<br>"}], "value": "FANUC recommends users update to the latest version https://myportal.fanucamerica.com/ . \n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "FANUC ROBOGUIDE-HandlingPRO Path Traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.785Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T21:23:09.906451Z", "id": "CVE-2023-1864", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:23:18.779Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.785Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-06T21:23:09.906451Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:23:14.718Z"}}], "cna": {"title": "FANUC ROBOGUIDE-HandlingPRO Path Traversal", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yenting Lee of TXOne Networks reported this vulnerability to CISA. "}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FANUC ", "product": "ROBOGUIDE-HandlingPRO", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9 Rev.ZD"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "FANUC recommends users update to the latest version https://myportal.fanucamerica.com/ . \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\nFANUC recommends users update to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://myportal.fanucamerica.com/\">latest version</a>. \n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n", "supportingMedia": [{"type": "text/html", "value": "\nFANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Path Traversal"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-06-07T20:43:17.256Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1864", "state": "PUBLISHED", "dateUpdated": "2025-01-06T21:23:18.779Z", "dateReserved": "2023-04-05T13:21:28.753Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-06-07T20:43:17.256Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fanuc:roboguide_handlingpro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3718ECAB-DFEE-4FBF-92EB-0DB79622E0E1", "versionEndExcluding": "9_rev.zd", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fanuc:roboguide_handlingpro:-:*:*:*:*:*:*:*", "matchCriteriaId": "B48E7D22-650A-48B2-8F28-33CA64C9E553", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to\n a path traversal, which could allow an attacker to remotely read files \non the system running the affected software. \n\n"}], "id": "CVE-2023-1864", "lastModified": "2024-11-21T07:40:02.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T21:15:13.037", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-101-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}