PT-2020-12039 · Universal Robots · Universal Robots Robot Controllers

Unai Ayucar Carbajo +1 · Published 2020-08-21 · Updated 2021-09-14 · CVE-2020-10290

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Universal Robots controller (affected versions not specified)

Description

The issue allows a malicious actor to compromise the system by creating a custom URCap, which is a zip file containing Java-powered applications. These URCaps can be executed by the Universal Robots controller without any permission restrictions. The controller's API provides many primitives that can be used to compromise the overall robot operations. A proof of concept demonstrates how a malicious actor could create such a URCap, which, when deployed by the user, either intentionally or unintentionally, can compromise the system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2020-10290

Affected Products

Universal Robots Robot Controllers