CVE-2020-10284

Name of the Vulnerable Software and Affected Versions xarm studio version 1.3.0

Description The issue allows for control of the robot inside the network without requiring authentication. According to the user manual, there should be an option to add a password to the robot, but this option is missing from the menu in xarm studio 1.3.0. This allows for manual control, including forcefully removing the current operator from an active session.

Recommendations For xarm studio version 1.3.0, consider adding a password to the robot manually or through alternative means to restrict unauthorized access, and ensure that only authorized operators have control over the robot. As a temporary workaround, restrict access to the robot's control interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.