CVE-2020-10291

Name of the Vulnerable Software and Affected Versions Visual Components (affected versions not specified)

Description The Visual Components software, a robotic simulator, has a vulnerability in its network license server. The server binds to all interfaces and listens for packets over UDP port 5093 without requiring authentication or authorization. This allows attackers to retrieve sensitive system information, including detailed hardware and OS characteristics, by exploiting the RMS Sentinel license manager service. The protocol used leaks information about the receiving server, license information, and managing licenses. Attackers can use this flaw to launch local simulations with similar characteristics, potentially leading to further attacks. Additionally, the PLC Connectivity feature in Visual Components enables attackers to pivot from the simulator to robots or other Industrial Control System (ICS) devices, such as PLCs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.