22 matches found

CNNVD
added 2025/11/15 12:0 a.m., 3 views

Brightpick Internal Logic Control Access Control Error Vulnerability

Brightpick Internal Logic Control is a suite of internal logic decision algorithm controllers from Brightpick USA. An access control error vulnerability exists in Brightpick Internal Logic Control that originates from unauthenticated access to the web interface and could lead to unauthorized robo...

CVSS 7.1, AI score 6.6, EPSS 0.00045
Exploits 0, References 3

Cvelist
added 2025/11/14 11:34 p.m., 5 views

CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

CVSS 7.1, EPSS 0.00045
Exploits 0, References 3

RedhatCVE
added 2025/10/23 9:13 a.m., 3 views

CVE-2025-41108

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVSS 9.8, AI score 7.3, EPSS 0.00037
Exploits 0, References 1

OSV
added 2025/10/22 9:15 a.m., 1 view

CVE-2025-41110

Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full...

CVSS 8.8, AI score 5.8
Exploits 0, References 1

CVE
added 2025/10/22 8:16 a.m., 6 views

CVE-2025-41110

CVE-2025-41110 affects Ghost Robotics Vision 60, specifically APK v0.27.2. The issue arises from an authorization flaw in the ROS 2 stack, permitting connections to the robot’s WiFi and SSH without authentication. Consequences stated across sources include data exposure and full control of the ro...

CVSS 8.8, AI score 6.4, EPSS 0.00026
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/22 8:14 a.m., 2 views

EUVD-2025-35344

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVSS 9.2, AI score 6.8, EPSS 0.00037
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-2726

Malware in sbrugna...

CVSS 10, AI score 9.1, EPSS 0.00402
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-2739

Malware in sbrugna...

CVSS 9.1, AI score 9.3, EPSS 0.00459
Exploits 0, References 2

Packet Storm News
added 2025/06/22 12:0 a.m., 3 views

Robot Context Protocol (RCP): a Runtime-Agnostic Interface for Agent-Aware Robot Control

The Robot Context Protocol (RCP) is a lightweight, middleware-agnostic communication protocol designed to simplify the complexity of robotic systems and enable seamless interaction between robots, users, and autonomous agents. RCP provides a unified and semantically meaningful interface that...

AI score 6.5
Exploits 0

CVE
added 2025/01/23 4:38 p.m., 41 views

CVE-2024-12078

ECOVACS robot lawn mowers and vacuums are affected by CVE-2024-12078 due to a shared static secret key used to encrypt BLE GATT messages. An unauthenticated attacker in BLE range can control any ECOVACS device using the same key. The issue is described across multiple sources, confirming the vuln...

CVSS 6.3, AI score 6.4, EPSS 0.00094
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2025/01/23 4:38 p.m., 3 views

CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...

CVSS 6.3, AI score 6.4, EPSS 0.00094
Exploits 1, References 2

ICS
added 2025/01/23 12:53 a.m., 14 views

ECOVACS lawnmower and vacuum vulnerabilities

RISK EVALUATION: ECOVACS lawnmowers, vacuums, and other robots contain multiple vulnerabilities. In some cases, using a combination of vulnerabilities, an attacker within Bluetooth range or with appropriate network access can take complete control of a robot device. Some vulnerabilities allow an...

AI score 8.1
Exploits 0, References 1

CNNVD
added 2022/04/12 12:0 a.m., 1 view

Aethon TUG Home Base Server Security Vulnerability

Aethon TUG Home Base Server is a robotics server from Aethon, Inc. It is used to control and communicate with autonomous mobile robots. Aethon TUG Home Base Server has a security vulnerability that originates from an unauthenticated attacker being able to connect to the TUG Home Base Server...

CVSS 8.2, AI score 8, EPSS 0.00458
Exploits 0, References 4

ICS
added 2022/04/12 12:0 a.m., 43 views

Aethon TUG Home Base Server

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Aethon (owned by ST Engineering). Equipment: TUG Home Base Server. Vulnerabilities: Missing Authorization, Channel Accessible by Non-endpoint, Cross-site Scripting. 2. RISK EVALUATION: Successful exploitation...

CVSS 8.2, AI score 8.3, EPSS 0.0088
Exploits 0, References 5

CNVD
added 2021/10/09 12:0 a.m., 14 views

Bosch Rexroth IndraMotion Mlc Cross-Site Scripting Vulnerability

The Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robot control. A cross-site scripting vulnerability exists in the Bosch Rexroth IndraMotion Mlc, which stems from the lack of proper validation of client-side data by the web application. An attack...

CVSS 10, AI score 2.3, EPSS 0.00306
Exploits 0, References 1

CNVD
added 2020/07/20 12:0 a.m., 2 views

ABB IRC5 FTP server Access Control Error Vulnerability

The ABB IRC5 is a robot control system. An Access Control Error vulnerability exists in the ABB IRC5 FTP server, which can be exploited by a remote attacker to submit a specially crafted request for unauthorized access to the system...

CVSS 9.8, AI score 6.9, EPSS 0.00363
Exploits 0, References 1

CNVD
added 2020/07/20 12:0 a.m., 1 view

ABB IRC5 Trust Management Issue Vulnerability

The ABB IRC5 is a robot control system. ABB IRC5 suffers from a trust management issue vulnerability that can be exploited by a remote attacker to submit a special request for unauthorized access to the system...

CVSS 9.8, AI score 7, EPSS 0.00384
Exploits 0, References 1

OSV
added 2020/07/15 10:15 p.m., 0 views

CVE-2020-10286

The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files, encryption, or issue orders that disrupt robot operation...

CVSS 8.8, AI score 7.3, EPSS 0.00195
Exploits 0, References 1

Prion
added 2020/07/15 8:15 p.m., 6 views

Authentication flaw

No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...

CVSS 6.4, AI score 9.2, EPSS 0.00459
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/07/15 7:25 p.m., 11 views

CVE-2020-10284 RVD#3321: No Authentication required to exert manual control of the robot

No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...

CVSS 9.1, AI score 9.4, EPSS 0.00459
Exploits 0, References 1