UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HUniversal Robots Ur\+
APPUniversal-Robotswszystkie wersjeUniversal Robots Ur10
HWUniversal-Robotswszystkie wersjeUniversal Robots Ur3
HWUniversal-Robotswszystkie wersjeUniversal Robots Ur5
HWUniversal-Robotswszystkie wersje
Related vulnerabilities
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-serie...
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Re...
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not ...
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that m...
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP liste...