CVE-2020-10292

Name of the Vulnerable Software and Affected Versions Visual Components (affected versions not specified)

Description The Visual Components software, a robotic simulator, has a vulnerability in its network license server. The server, which listens on UDP port 5093, does not require authentication or authorization to communicate. This allows an attacker to send a specially crafted package that can cause an arbitrary pointer from the stack to be dereferenced, leading to an uncaught exception that terminates the service. The protocol used by the RMS Sentinel license manager service is vulnerable to a denial-of-service (DoS) attack through an arbitrary pointer dereference. This vulnerability can be combined with other issues, such as information disclosure leaks or stack-overflows, to potentially execute code. The software's ability to interface with industrial machinery and automate processes could lead to higher repercussions in the event of a DoS attack, depending on the Industrial Control System (ICS) infrastructure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.