Search criteria
4 vulnerabilities found for xArm5 Lite, xArm 6 and xArm 7 by uFactory
CVE-2020-10285 (GCVE-0-2020-10285)
Vulnerability from cvelistv5 – Published: 2020-07-15 21:00 – Updated: 2024-09-17 02:32
VLAI?
Title
RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks
Summary
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
Severity ?
9.4 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| uFactory | xArm5 Lite, xArm 6 and xArm 7 |
Affected:
v1.5.0 and before
|
Credits
Alfonso Glera (Alias Robotics)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xArm5 Lite, xArm 6 and xArm 7",
"vendor": "uFactory",
"versions": [
{
"status": "affected",
"version": "v1.5.0 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T21:00:14",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
],
"source": {
"defect": [
"RVD#3322"
],
"discovery": "EXTERNAL"
},
"title": "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-07-15T20:57:53 +00:00",
"ID": "CVE-2020-10285",
"STATE": "PUBLIC",
"TITLE": "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xArm5 Lite, xArm 6 and xArm 7",
"version": {
"version_data": [
{
"version_value": "v1.5.0 and before"
}
]
}
}
]
},
"vendor_name": "uFactory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "critical",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/3322",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
]
},
"source": {
"defect": [
"RVD#3322"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10285",
"datePublished": "2020-07-15T21:00:14.468329Z",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:32:51.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10284 (GCVE-0-2020-10284)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:25 – Updated: 2024-09-16 23:21
VLAI?
Title
RVD#3321: No Authentication required to exert manual control of the robot
Summary
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
Severity ?
9.1 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| uFactory | xArm5 Lite, xArm 6 and xArm 7 |
Affected:
v1.5.0 and before
|
Credits
Alfonso Glera (Alias Robotics)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xArm5 Lite, xArm 6 and xArm 7",
"vendor": "uFactory",
"versions": [
{
"status": "affected",
"version": "v1.5.0 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:25:13",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
],
"source": {
"defect": [
"RVD#3321"
],
"discovery": "EXTERNAL"
},
"title": "RVD#3321: No Authentication required to exert manual control of the robot",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-07-15T19:16:14 +00:00",
"ID": "CVE-2020-10284",
"STATE": "PUBLIC",
"TITLE": "RVD#3321: No Authentication required to exert manual control of the robot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xArm5 Lite, xArm 6 and xArm 7",
"version": {
"version_data": [
{
"version_value": "v1.5.0 and before"
}
]
}
}
]
},
"vendor_name": "uFactory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "critical",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-656"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ufactory.cc/#/en/support/download/xarm",
"refsource": "CONFIRM",
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
]
},
"source": {
"defect": [
"RVD#3321"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10284",
"datePublished": "2020-07-15T19:25:13.961653Z",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-09-16T23:21:30.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10285 (GCVE-0-2020-10285)
Vulnerability from nvd – Published: 2020-07-15 21:00 – Updated: 2024-09-17 02:32
VLAI?
Title
RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks
Summary
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
Severity ?
9.4 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| uFactory | xArm5 Lite, xArm 6 and xArm 7 |
Affected:
v1.5.0 and before
|
Credits
Alfonso Glera (Alias Robotics)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xArm5 Lite, xArm 6 and xArm 7",
"vendor": "uFactory",
"versions": [
{
"status": "affected",
"version": "v1.5.0 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T21:00:14",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
],
"source": {
"defect": [
"RVD#3322"
],
"discovery": "EXTERNAL"
},
"title": "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-07-15T20:57:53 +00:00",
"ID": "CVE-2020-10285",
"STATE": "PUBLIC",
"TITLE": "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xArm5 Lite, xArm 6 and xArm 7",
"version": {
"version_data": [
{
"version_value": "v1.5.0 and before"
}
]
}
}
]
},
"vendor_name": "uFactory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "critical",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/3322",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/3322"
}
]
},
"source": {
"defect": [
"RVD#3322"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10285",
"datePublished": "2020-07-15T21:00:14.468329Z",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-09-17T02:32:51.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10284 (GCVE-0-2020-10284)
Vulnerability from nvd – Published: 2020-07-15 19:25 – Updated: 2024-09-16 23:21
VLAI?
Title
RVD#3321: No Authentication required to exert manual control of the robot
Summary
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
Severity ?
9.1 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| uFactory | xArm5 Lite, xArm 6 and xArm 7 |
Affected:
v1.5.0 and before
|
Credits
Alfonso Glera (Alias Robotics)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xArm5 Lite, xArm 6 and xArm 7",
"vendor": "uFactory",
"versions": [
{
"status": "affected",
"version": "v1.5.0 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:25:13",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
],
"source": {
"defect": [
"RVD#3321"
],
"discovery": "EXTERNAL"
},
"title": "RVD#3321: No Authentication required to exert manual control of the robot",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-07-15T19:16:14 +00:00",
"ID": "CVE-2020-10284",
"STATE": "PUBLIC",
"TITLE": "RVD#3321: No Authentication required to exert manual control of the robot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xArm5 Lite, xArm 6 and xArm 7",
"version": {
"version_data": [
{
"version_value": "v1.5.0 and before"
}
]
}
}
]
},
"vendor_name": "uFactory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alfonso Glera (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "critical",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-656"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ufactory.cc/#/en/support/download/xarm",
"refsource": "CONFIRM",
"url": "https://www.ufactory.cc/#/en/support/download/xarm"
}
]
},
"source": {
"defect": [
"RVD#3321"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10284",
"datePublished": "2020-07-15T19:25:13.961653Z",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-09-16T23:21:30.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}