FKIE_CVE-2020-10265

Vulnerability from fkie_nvd - Published: 2020-04-06 12:15 - Updated: 2024-11-21 04:55
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.
References
cve@aliasrobotics.comhttps://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/Vendor Advisory
Impacted products
Vendor Product Version
universal-robots ur_software *
universal-robots ur10 -
universal-robots ur3 -
universal-robots ur5 -
universal-robots ur_software *
universal-robots ur10 -
universal-robots ur5 -
universal-robots ur_software *
universal-robots ur10e -
universal-robots ur3e -
universal-robots ur5e -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DBD9531-40D3-4B4B-A90A-23538C4CACAA",
              "versionEndIncluding": "3.3.3.292",
              "versionStartIncluding": "3.0.14989",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EAD156-50AB-4402-A42B-3E536AE99C32",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBB3217-A74E-4EF2-BD4B-3964E57BC759",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "304BF507-9AE5-4A15-B037-32115093C73C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42ABFA21-2115-4D23-99D5-5925B67BAE1D",
              "versionStartIncluding": "1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EAD156-50AB-4402-A42B-3E536AE99C32",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "304BF507-9AE5-4A15-B037-32115093C73C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDE81CE-8BB3-4764-BC90-4A0E81F08479",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:universal-robots:ur10e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BD1EE16-7833-4B3F-93BA-B1E83EAED4BA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur3e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "142B520E-BB5E-4677-9D59-08064EFD2EAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur5e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B066243-52D3-4A2A-B62F-C5E9CF74DFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization."
    },
    {
      "lang": "es",
      "value": "Universal Robots Robot Controllers Version CB2 SW Versi\u00f3n 1.4, y superiores, CB3 SW Versi\u00f3n 3.0 y superiores, e-series SW Versi\u00f3n 5.0 y superiores, exponen un servicio llamado servidor DashBoard en el puerto 29999 que permite el control sobre las funciones centrales del robot como iniciar/detener programas, apagar, restablecer la seguridad y m\u00e1s. El servidor DashBoard no est\u00e1 protegido por ning\u00fan tipo de autenticaci\u00f3n o autorizaci\u00f3n."
    }
  ],
  "id": "CVE-2020-10265",
  "lastModified": "2024-11-21T04:55:05.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5,
        "source": "cve@aliasrobotics.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-06T12:15:12.877",
  "references": [
    {
      "source": "cve@aliasrobotics.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
    }
  ],
  "sourceIdentifier": "cve@aliasrobotics.com",
  "vendorComments": [
    {
      "comment": "Software version 5.10 brings improvements to usability and configurability of Secure Shell Protocol (SSH), such that tunneling can be used to secure primary, secondary, RT, RTDE, DashBoard server and other interfaces. Universal Robots recommends that all users use SSH tunneling to access these interfaces in applications requiring authentication and encryption.\n\nAdditionally, SW version 5.10 includes a built-in configurable firewall, allowing fine-grained restrictions of remote access, and number of other security improvements. Universal Robots (UR) recommends always using the latest UR software, as security improvements will be rolled out continuously.\n\nCB2 and CB3 cobots are designed to be operating in factory networks where security relies on boundary protection (firewalls) and trusted clients on the network. They must only be connected to trusted networks and operated by authorized personnel.\n",
      "lastModified": "2022-04-12T13:44:33.420",
      "organization": "Universal Robots"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "cve@aliasrobotics.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.