CVE-2019-13584

Name of the Vulnerable Software and Affected Versions FANUC Robotics Virtual Robot Controller version 8.23

Description The issue is related to incorrect restriction of directory path names with limited access in the web server of the FANUC Robotics Virtual Robot Controller software. Exploitation of this issue may allow an attacker to bypass existing directory name restrictions by sending a specially crafted HTTP request.

Recommendations For FANUC Robotics Virtual Robot Controller version 8.23, consider restricting access to the web server until a patch is available. As a temporary workaround, avoid using the web server for administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.