VAR-201807-0330
Vulnerability from variot - Updated: 2023-12-18 12:18Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. Universal Robots Robot Controllers Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UniversalRobotsRobotControllers is a collaborative robot controller product from Denmark's Universal Robots. A security vulnerability exists in UniversalRobotsRobotControllersCB3.1 and SW3.4.5-100, which was caused by the program using hard-coded credentials. An attacker could use this vulnerability to reset the password for the controller. Robot Controllers is prone to a remote code-execution vulnerability and a security-bypass vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of affected device and to bypass security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0330",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cb3.1",
"scope": "eq",
"trust": 1.6,
"vendor": "universal robots",
"version": "3.4.5-100"
},
{
"model": "cb 3.1",
"scope": "eq",
"trust": 0.8,
"vendor": "universal robots",
"version": "sw 3.4.5-100"
},
{
"model": "robots robot controllers",
"scope": "eq",
"trust": 0.6,
"vendor": "universal",
"version": "3.1"
},
{
"model": "robots robot controllers 3.4.5-100",
"scope": null,
"trust": 0.6,
"vendor": "universal",
"version": null
},
{
"model": "robots robot controllers cb",
"scope": "eq",
"trust": 0.3,
"vendor": "universal",
"version": "3.13.4.5-100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cb3 1",
"version": "3.4.5-100"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "BID",
"id": "104710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:universal-robots:cb3.1_firmware:3.4.5-100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:universal-robots:cb3.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10633"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davide Quarta, Mario Polino, Marcello Pogliani, Stefano Zanero from Politecnico di Milano, Federico Maggi with Trend Micro, Cesar Cerrudo and Lucas Apa.",
"sources": [
{
"db": "BID",
"id": "104710"
}
],
"trust": 0.3
},
"cve": "CVE-2018-10633",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10633",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-13081",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-120412",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10633",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10633",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-13081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1093",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-120412",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "VULHUB",
"id": "VHN-120412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. Universal Robots Robot Controllers Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UniversalRobotsRobotControllers is a collaborative robot controller product from Denmark\u0027s Universal Robots. A security vulnerability exists in UniversalRobotsRobotControllersCB3.1 and SW3.4.5-100, which was caused by the program using hard-coded credentials. An attacker could use this vulnerability to reset the password for the controller. Robot Controllers is prone to a remote code-execution vulnerability and a security-bypass vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of affected device and to bypass security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "BID",
"id": "104710"
},
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120412"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10633",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-191-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104710",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-13081",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F68B72-39AB-11E9-86B4-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120412",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "VULHUB",
"id": "VHN-120412"
},
{
"db": "BID",
"id": "104710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"id": "VAR-201807-0330",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "VULHUB",
"id": "VHN-120412"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
}
]
},
"last_update_date": "2023-12-18T12:18:42.229000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release notes 3.4.5",
"trust": 0.8,
"url": "https://www.universal-robots.com/how-tos-and-faqs/faq/ur-faq/release-note-software-version-34xx/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-191-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104710"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10633"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10633"
},
{
"trust": 0.3,
"url": "https://gsec.hitb.org/materials/sg2017/commsec%20d1%20-%20cesar%20cerrudo%20and%20lucas%20apa%20-%20hacking%20robots%20before%20skynet.pdf"
},
{
"trust": 0.3,
"url": "https://www.universal-robots.com/support/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "VULHUB",
"id": "VHN-120412"
},
{
"db": "BID",
"id": "104710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"db": "VULHUB",
"id": "VHN-120412"
},
{
"db": "BID",
"id": "104710"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-13T00:00:00",
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"date": "2018-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"date": "2018-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-120412"
},
{
"date": "2018-07-10T00:00:00",
"db": "BID",
"id": "104710"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"date": "2018-07-11T17:29:00.287000",
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"date": "2018-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13081"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120412"
},
{
"date": "2018-07-10T00:00:00",
"db": "BID",
"id": "104710"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007881"
},
{
"date": "2019-10-09T23:32:58.023000",
"db": "NVD",
"id": "CVE-2018-10633"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Universal Robots Robot Controllers Hardcoded Certificate Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f68b72-39ab-11e9-86b4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-13081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1093"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…