CVE-2020-10284
CVE-2020-10284 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
No authentication is required to control the robot from inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarm_studio 1.3.0 the option is missing from the menu. This allows assuming manual control, even by forcefully removing the current operator from an active session.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ufactory | Xarm Studio | 1.3.0 |
References
- https://www.ufactory.cc/#/en/support/download/xarm (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
