Vulnerability Description
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Universal-Robots | Ur Software | >= 3.0.14989, <= 3.3.3.292 |
| Universal-Robots | Ur10 | - |
| Universal-Robots | Ur3 | - |
| Universal-Robots | Ur5 | - |
| Universal-Robots | Ur10E | - |
| Universal-Robots | Ur3E | - |
| Universal-Robots | Ur5E | - |
References
- https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-da (Vendor Advisory)
FAQ
What is CVE-2020-10265?
CVE-2020-10265 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that a...
How severe is CVE-2020-10265?
CVE-2020-10265 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10265?
Check the references section above for vendor advisories and patch information. Affected products include: Universal-Robots Ur Software, Universal-Robots Ur10, Universal-Robots Ur3, Universal-Robots Ur5, Universal-Robots Ur10E.