CVE-2020-10266

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
References
Link Resource
https://github.com/aliasrobotics/RVD/issues/1487 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:universal-robots:ur\+:-:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-06 12:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-10266

Mitre link : CVE-2020-10266

CVE.ORG link : CVE-2020-10266


JSON object : View

Products Affected

universal-robots

  • ur10
  • ur5
  • ur\+
  • ur3
CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-353

Missing Support for Integrity Check