CVE-2020-10265

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10e:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3e:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5e:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/ - Vendor Advisory () https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/ - Vendor Advisory

Information

Published : 2020-04-06 12:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10265

Mitre link : CVE-2020-10265

CVE.ORG link : CVE-2020-10265


JSON object : View

Products Affected

universal-robots

  • ur5
  • ur3
  • ur10
  • ur10e
  • ur5e
  • ur_software
  • ur3e
CWE
CWE-306

Missing Authentication for Critical Function