Lucene search

K
cveAliasCVE-2020-10264
HistoryApr 06, 2020 - 12:15 p.m.

CVE-2020-10264

2020-04-0612:15:12
CWE-306
CWE-200
Alias
web.nvd.nist.gov
22
cve-2020-10264
cb3
e-series
sw version
rtde interface
port 30004
authenticated access
robot data

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

30.6%

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible

Affected configurations

Nvd
Node
universal-robotsur_softwareRange3.0.149893.3.3.292
AND
universal-robotsur10Match-
OR
universal-robotsur3Match-
OR
universal-robotsur5Match-
Node
universal-robotsur_softwareRange5.0
AND
universal-robotsur10eMatch-
OR
universal-robotsur3eMatch-
OR
universal-robotsur5eMatch-
VendorProductVersionCPE
universal-robotsur_software*cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
universal-robotsur10-cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
universal-robotsur3-cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
universal-robotsur5-cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*
universal-robotsur10e-cpe:2.3:h:universal-robots:ur10e:-:*:*:*:*:*:*:*
universal-robotsur3e-cpe:2.3:h:universal-robots:ur3e:-:*:*:*:*:*:*:*
universal-robotsur5e-cpe:2.3:h:universal-robots:ur5e:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Universal Robots Robot Controllers CB 3.1",
    "vendor": "Universal Robots A/S",
    "versions": [
      {
        "status": "affected",
        "version": "CB3 SW Versions 3.3 up to 3.12.1"
      }
    ]
  },
  {
    "product": "Universal Robots Robot Controllers e-Series",
    "vendor": "Universal Robots A/S",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of SW Versions 5.0 up to 5.7",
        "versionType": "custom"
      }
    ]
  }
]

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

30.6%

Related for CVE-2020-10264