PT-2020-12016 · Universal Robots · Universal Robots Control Box CB 3.1

Víctor Mayoral Vilches · Published 2020-04-06 · Updated 2021-12-20 · CVE-2020-10267

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Universal Robots control box CB 3.1 versions 1.10 through 1.12.1

Description

The issue concerns the lack of encryption or protection for intellectual property artifacts installed from the UR+ platform, specifically URCaps files. These files, stored as plain zip files under '/root/.urcaps', contain logic to add functionality to UR3, UR5, and UR10 robots. An attacker with access to the robot or its network could exploit this, in combination with other flaws, to retrieve and exfiltrate installed intellectual property.

Recommendations

For Universal Robots control box CB 3.1 versions 1.10 through 1.12.1, consider restricting access to the '/root/.urcaps' directory to minimize the risk of exploitation. As a temporary workaround, limit network access to the robot to reduce the potential for attackers to retrieve URCaps files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Missing Encryption of Sensitive Data

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2020-10267

Affected Products

UR10
UR3
UR5
Universal Robots Control Box CB 3.1