Universal Robots · Universal Robots Robot Controllers · CVE-2020-10290
**Name of the Vulnerable Software and Affected Versions**
Universal Robots controller (affected versions not specified)
**Description**
The issue allows a malicious actor to compromise the system by creating a custom URCap, which is a zip file containing Java-powered applications. These URCaps can be executed by the Universal Robots controller without any permission restrictions. The controller's API provides many primitives that can be used to compromise the overall robot operations. A proof of concept demonstrates how a malicious actor could create such a URCap, which when deployed by the user, either intentionally or unintentionally, can compromise the system.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.