CVE-2020-10266

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:universal-robots:ur\+:-:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://github.com/aliasrobotics/RVD/issues/1487 - Third Party Advisory () https://github.com/aliasrobotics/RVD/issues/1487 - Third Party Advisory

Information

Published : 2020-04-06 12:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10266

Mitre link : CVE-2020-10266

CVE.ORG link : CVE-2020-10266


JSON object : View

Products Affected

universal-robots

  • ur5
  • ur3
  • ur10
  • ur\+
CWE
CWE-353

Missing Support for Integrity Check

CWE-345

Insufficient Verification of Data Authenticity