CVE-2020-10266
Last modified
CVE-2020-10266 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Universal-Robots | Ur\+ | All versions |
References
- https://github.com/aliasrobotics/RVD/issues/1487Third Party Advisory
- https://github.com/aliasrobotics/RVD/issues/1487Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-10266?
How severe is CVE-2020-10266?
How do I fix CVE-2020-10266?
Are you affected by CVE-2020-10266?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST