UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
References
Link | Resource |
---|---|
https://github.com/aliasrobotics/RVD/issues/1487 | Third Party Advisory |
https://github.com/aliasrobotics/RVD/issues/1487 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/aliasrobotics/RVD/issues/1487 - Third Party Advisory |
Information
Published : 2020-04-06 12:15
Updated : 2024-11-21 04:55
NVD link : CVE-2020-10266
Mitre link : CVE-2020-10266
CVE.ORG link : CVE-2020-10266
JSON object : View
Products Affected
universal-robots
- ur5
- ur3
- ur10
- ur\+