CVE-2020-10284 — CRITICAL (9.1)

Vulnerability Description

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ufactory	Xarm Studio	1.3.0

Related Weaknesses (CWE)

CWE-656

References

https://www.ufactory.cc/#/en/support/download/xarmVendor Advisory
https://www.ufactory.cc/#/en/support/download/xarmVendor Advisory

FAQ

What is CVE-2020-10284?

CVE-2020-10284 is a vulnerability with a CVSS score of 9.1 (CRITICAL). No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

How severe is CVE-2020-10284?

CVE-2020-10284 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-10284?

Check the references section above for vendor advisories and patch information. Affected products include: Ufactory Xarm Studio.