Lucene search

AliasCVE-2020-10265

HistoryApr 06, 2020 - 12:15 p.m.

CVE-2020-10265

2020-04-0612:15:12

CWE-306

Alias

web.nvd.nist.gov

universal robots

robot controllers

dashboard server

port 29999

unauthenticated

core control functions

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.

Affected configurations

Nvd

Node

universal-robotsur_softwareRange3.0.14989–3.3.3.292

AND

universal-robotsur10Match-

universal-robotsur3Match-

universal-robotsur5Match-

Node

universal-robotsur_softwareRange1.4≥

AND

universal-robotsur10Match-

universal-robotsur5Match-

Node

universal-robotsur_softwareRange5.0≥

AND

universal-robotsur10eMatch-

universal-robotsur3eMatch-

universal-robotsur5eMatch-

VendorProductVersionCPE
universal-robotsur_software*cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
universal-robotsur10-cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
universal-robotsur3-cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
universal-robotsur5-cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*
universal-robotsur10e-cpe:2.3:h:universal-robots:ur10e:-:*:*:*:*:*:*:*
universal-robotsur3e-cpe:2.3:h:universal-robots:ur3e:-:*:*:*:*:*:*:*
universal-robotsur5e-cpe:2.3:h:universal-robots:ur5e:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
universal-robots	ur_software	*	cpe:2.3:a:universal-robots:ur_software::::::::
universal-robots	ur10	-	cpe:2.3:h:universal-robots:ur10:-:::::::*
universal-robots	ur3	-	cpe:2.3:h:universal-robots:ur3:-:::::::*
universal-robots	ur5	-	cpe:2.3:h:universal-robots:ur5:-:::::::*
universal-robots	ur10e	-	cpe:2.3:h:universal-robots:ur10e:-:::::::*
universal-robots	ur3e	-	cpe:2.3:h:universal-robots:ur3e:-:::::::*
universal-robots	ur5e	-	cpe:2.3:h:universal-robots:ur5e:-:::::::*

CNA Affected

[
  {
    "product": "Universal Robots Robot Controllers CB 2, CB3, e-series",
    "vendor": "Universal Robots",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

References

www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVE-2020-10265