HIGH🇵🇱 Wersja polska

CVE-2020-10266

CVSS 8.1v3.1pub. 2020-04-06upd. 2024-11-21

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Universal Robots Ur\+

    APP
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur10

    HW
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur3

    HW
    Universal-Robots
    wszystkie wersje
  • Universal Robots Ur5

    HW
    Universal-Robots
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-10265CRITICAL9.4ten sam produkt

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-serie...

CVE-2020-10264HIGH8.8ten sam produkt

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Re...

CVE-2020-10267HIGH7.5ten sam produkt

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not ...

CVE-2018-10633CRITICAL9.8ten sam vendor

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that m...

CVE-2018-10635CRITICAL9.8ten sam vendor

In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP liste...