PT-2020-12013 · Universal Robots · E-Series+1

Published: 2020-04-06 · Updated: 2021-09-14 · CVE-2020-10264

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CB3 SW versions 3.3 and upwards
e-series SW versions 5.0 and upwards

Description

The issue allows authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004, enabling the setting of registers, the speed slider fraction, as well as digital and analog Outputs. Additionally, unauthorized reading of robot data is also possible.

Recommendations

For CB3 SW versions 3.3 and upwards, restrict access to the RTDE interface on port 30004 to prevent unauthorized access. For e-series SW versions 5.0 and upwards, limit the use of the RTDE interface to only necessary authenticated users to minimize the risk of exploitation. As a temporary workaround, consider disabling access to the RTDE interface on port 30004 until a patch is available.

Fix

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-10264

Affected Products

Cb3
E-Series