HIGH🇬🇧 English

CVE-2020-10267

CVSS 7.5v3.1pub. 2020-04-06upd. 2024-11-21

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Universal Robots Ur10

    HW
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur3

    HW
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur5

    HW
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur Software

    APP
    Universal-Robots
    3.0.14989 – 3.1.18213
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-10265CRITICAL9.4ten sam produkt

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-serie...

CVE-2020-10264HIGH8.8ten sam produkt

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Re...

CVE-2020-10266HIGH8.1ten sam produkt

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots....

CVE-2018-10633CRITICAL9.8ten sam vendor

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that m...

CVE-2018-10635CRITICAL9.8ten sam vendor

In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP liste...