43 matches found
CVE-2020-10266
UR+ Universal Robots+ is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots e.g. in the UR10, no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universa...
Authorization
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safe...
Design/Logic Flaw
UR+ Universal Robots+ is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots e.g. in the UR10, no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universa...
Design/Logic Flaw
Universal Robots control box CB 3.1 across firmware versions tested on 1.12.1, 1.12, 1.11 and 1.10 does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components URCaps. These files .urcaps are stored under...
CVE-2020-10266
CVE-2020-10266 affects UR+ (Universal Robots+) components used with Universal Robots robotic arms (e.g., UR10). The vulnerability arises because installing components from UR+ involves no integrity checks, and the SDK to create such components is publicly available. An attacker could craft a mali...
CVE-2020-10266 RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot
UR+ Universal Robots+ is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots e.g. in the UR10, no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universa...
CVE-2020-10267 RVD#1489: Unprotected intelectual property in Universal Robots controller CB 3.1 across firmware versions
Universal Robots control box CB 3.1 across firmware versions tested on 1.12.1, 1.12, 1.11 and 1.10 does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components URCaps. These files .urcaps are stored under...
CVE-2020-10265 RVD#1443: UR dashboard server enables unauthenticated remote control of core robot functions
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safe...
CVE-2020-10267
CVE-2020-10267 affects the Universal Robots control box CB 3.1 (firmware versions 1.12.1, 1.12, 1.11, 1.10) where UR+ URCaps artifacts are stored under /root/.urcaps as plain zip files containing logic for UR3/UR5/UR10. The underlying issue is that these intellectual property artifacts are not en...
CVE-2020-10265
The CVE-2020-10265 entry covers UR Universal Robots Robot Controllers (CB2 1.4+, CB3 3.0+, e-series 5.0+) exposing a DashBoard server on port 29999 that allows control over core robot functions (start/stop programs, shutdown, reset safety, etc.) without authentication/authorization. This unauthen...
PT-2020-12014 · Universal Robots · Universal Robots Robot Controllers
Name of the Vulnerable Software and Affected Versions: Universal Robots Robot Controllers versions 1.4 and upwards Universal Robots Robot Controllers CB3 SW Version 3.0 and upwards Universal Robots Robot Controllers e-series SW Version 5.0 and upwards Description: The issue concerns the exposure ...
Code injection
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained...
CVE-2018-10635
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained...
Hardcoded credentials
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...
CVE-2018-10635
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained...
CVE-2018-10633
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...
CVE-2018-10633
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...
CVE-2018-10633
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...
CVE-2018-10635
The CVE-2018-10635 vulnerability affects Universal Robots Robot Controllers CB 3.1 with software version 3.4.5-100, where TCP ports 30001/30002/30003 listen for URScript and can be remotely executed, potentially giving root access. The issue stems from executing arbitrary URScript received on tho...
CVE-2018-10635
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained...