PT-2020-12014 · Universal Robots · Universal Robots Robot Controllers
Published: 2020-04-06 · Updated: 2025-07-08
CVE-2020-10265
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Universal Robots Robot Controllers versions 1.4 and upwards
Universal Robots Robot Controllers CB3 SW Version 3.0 and upwards
Universal Robots Robot Controllers e-series SW Version 5.0 and upwards
Description
The issue concerns the exposure of a service called DashBoard server at port 29999, which allows control over core robot functions such as starting/stopping programs, shutdown, reset safety, and more. This DashBoard server lacks any kind of authentication or authorization, posing a significant risk.
Recommendations
For Universal Robots Robot Controllers versions 1.4 and upwards, consider restricting access to the DashBoard server at port 29999 until a proper authentication or authorization mechanism is implemented.
For Universal Robots Robot Controllers CB3 SW Version 3.0 and upwards, restrict access to the DashBoard server at port 29999 to minimize the risk of exploitation.
For Universal Robots Robot Controllers e-series SW Version 5.0 and upwards, disable the DashBoard server at port 29999 if possible, or limit its accessibility to trusted networks or devices.
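One way to verify that the access restriction recommended above actually holds is to audit firewall or flow logs for accepted connections to port 29999 from outside the trusted management networks. The following is an added example, not part of the original advisory or any Universal Robots tooling; the log format, the trusted networks and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

DASHBOARD_PORT = 29999  # Dashboard server port named in the advisory

# Assumption: only these management networks may reach the Dashboard server.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.7/32")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2024-01-01T08:00:01Z 10.20.0.5 10.30.1.10 29999 ACCEPT
2024-01-01T08:00:09Z 10.40.3.77 10.30.1.10 29999 ACCEPT
2024-01-01T08:01:12Z 10.40.3.77 10.30.1.10 443 ACCEPT
2024-01-01T08:02:30Z 192.0.2.14 10.30.1.11 29999 DROP
2024-01-01T08:02:31Z 192.0.2.14 10.30.1.11 29999 ACCEPT
garbage line
2024-01-01T08:03:00Z 10.20.5.7 10.30.1.11 29999 ACCEPT
"""

def is_trusted(src_ip):
    """True if the source address falls inside an allowlisted network."""
    return any(src_ip in net for net in TRUSTED_NETS)

def audit_flows(text):
    """Return ({controller_ip: untrusted sources that were ACCEPTed}, skipped_lines)."""
    exposed = defaultdict(set)
    skipped = 0
    for line in text.splitlines():
        try:
            _ts, src, dst, port, action = line.split()
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)  # validate the controller address too
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        # Only accepted traffic to the Dashboard port indicates real exposure.
        if port != DASHBOARD_PORT or action != "ACCEPT":
            continue
        if not is_trusted(src_ip):
            exposed[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in exposed.items()}, skipped

if __name__ == "__main__":
    findings, skipped = audit_flows(SAMPLE_FLOWS)
    for controller, sources in findings.items():
        print(f"{controller}: Dashboard port reachable from untrusted {sources}")
    print(f"skipped {skipped} malformed line(s)")
```

Any controller that appears in the result is still accepting Dashboard connections from a source outside the allowlist, so the corresponding filtering rule needs review.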
Fix
Missing Authentication
Affected Products
Universal Robots Robot Controllers