FKIE_CVE-2020-10267

Vulnerability from fkie_nvd - Published: 2020-04-06 12:15 - Updated: 2024-11-21 04:55
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.
References
cve@aliasrobotics.comhttps://github.com/aliasrobotics/RVD/issues/1489Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/aliasrobotics/RVD/issues/1489Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
universal-robots ur_software *
universal-robots ur10 -
universal-robots ur3 -
universal-robots ur5 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "914DFBBC-7743-4B1B-9875-8D6B6F907B99",
              "versionEndIncluding": "3.1.18213",
              "versionStartIncluding": "3.0.14989",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EAD156-50AB-4402-A42B-3E536AE99C32",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBB3217-A74E-4EF2-BD4B-3964E57BC759",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "304BF507-9AE5-4A15-B037-32115093C73C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under \u0027/root/.urcaps\u0027 as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."
    },
    {
      "lang": "es",
      "value": "Universal Robots control box CB versi\u00f3n 3.1, en todas las versiones de firmware (probadas en 1.12.1, 1.12, 1.11 y 1.10), no cifra ni protege de ninguna manera los artefactos de propiedad intelectual instalados desde la plataforma UR+ de componentes de hardware y software (URCaps). Estos archivos (*.urcaps) se almacenan en \"/root/.urcaps\" como archivos zip simples que contienen toda la l\u00f3gica para agregar funcionalidad a los robots UR3, UR5 y UR10. Este fallo permite a atacantes con acceso al robot o a la red de robots (mientras se combina con otros fallos) recuperar y filtrar f\u00e1cilmente toda la propiedad intelectual instalada."
    }
  ],
  "id": "CVE-2020-10267",
  "lastModified": "2024-11-21T04:55:06.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve@aliasrobotics.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-06T12:15:13.033",
  "references": [
    {
      "source": "cve@aliasrobotics.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/1489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/1489"
    }
  ],
  "sourceIdentifier": "cve@aliasrobotics.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "cve@aliasrobotics.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.