CVE-2020-10267

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/aliasrobotics/RVD/issues/1489	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:universal-robots:ur10:-:::::::*
	cpe:2.3:h:universal-robots:ur3:-:::::::*
	cpe:2.3:h:universal-robots:ur5:-:::::::*

History

20 Dec 2021, 22:56

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/aliasrobotics/RVD/issues/1489 - Exploit, Third Party Advisory~~	(CONFIRM) https://github.com/aliasrobotics/RVD/issues/1489 - Exploit, Issue Tracking, Third Party Advisory
CWE	~~CWE-311~~	CWE-312

Information

Published : 2020-04-06 12:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-10267

Mitre link : CVE-2020-10267

CVE.ORG link : CVE-2020-10267

JSON object : View

Products Affected

universal-robots

ur10
ur5
ur3
ur_software

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2020-10267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-04-06T12:15:13.033", "references": [{"url": "https://github.com/aliasrobotics/RVD/issues/1489", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."}, {"lang": "es", "value": "Universal Robots control box CB versi\u00f3n 3.1, en todas las versiones de firmware (probadas en 1.12.1, 1.12, 1.11 y 1.10), no cifra ni protege de ninguna manera los artefactos de propiedad intelectual instalados desde la plataforma UR+ de componentes de hardware y software (URCaps). Estos archivos (*.urcaps) se almacenan en \"/root/.urcaps\" como archivos zip simples que contienen toda la l\u00f3gica para agregar funcionalidad a los robots UR3, UR5 y UR10. Este fallo permite a atacantes con acceso al robot o a la red de robots (mientras se combina con otros fallos) recuperar y filtrar f\u00e1cilmente toda la propiedad intelectual instalada."}], "lastModified": "2021-12-20T22:56:47.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "914DFBBC-7743-4B1B-9875-8D6B6F907B99", "versionEndIncluding": "3.1.18213", "versionStartIncluding": "3.0.14989"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07EAD156-50AB-4402-A42B-3E536AE99C32"}, {"criteria": "cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FEBB3217-A74E-4EF2-BD4B-3964E57BC759"}, {"criteria": "cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "304BF507-9AE5-4A15-B037-32115093C73C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@aliasrobotics.com"}