fanuc 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk xxe, and vendor risk memory corruption に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-1864 | FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | [email protected] | 6.8 | 0.31% | 2023-06-07 | 2024-11-21 |
| CVE-2021-43990 | The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call. | [email protected] | 6.1 | 0.17% | 2022-04-20 | 2024-11-21 |
| CVE-2021-43988 | The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. | [email protected] | 6.1 | 0.42% | 2022-04-20 | 2024-11-21 |
| CVE-2021-43986 | The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation. | [email protected] | 6.0 | 0.14% | 2022-04-20 | 2024-11-21 |
| CVE-2021-43933 | The affected product is vulnerable to a network-based attack by threat actors sending unimpeded requests to the receiving server, which could cause a denial-of-service condition due to lack of heap memory resources. | [email protected] | 6.1 | 0.19% | 2022-04-20 | 2024-11-21 |
| CVE-2021-38483 | The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation. | [email protected] | 6.0 | 0.04% | 2022-04-20 | 2024-11-21 |
| CVE-2021-32998 | The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. | [email protected] | 7.4 | 0.39% | 2022-01-10 | 2025-04-17 |
| CVE-2021-32996 | The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. | [email protected] | 7.5 | 0.40% | 2022-01-10 | 2025-04-17 |
| CVE-2020-12739 | A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | [email protected] | 5.3 | 0.80% | 2020-08-03 | 2024-11-21 |