CVE-2020-10266

EPSS 0.14%
Veröffentlicht 06.04.2020 12:15:12
Zuletzt bearbeitet 21.11.2024 04:55:05
Quelle cve@aliasrobotics.com
CVE-Watchlists
Login
Unerledigt
Login

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Universal-robots ≫ Ur+ Version-

   Universal-robots ≫ Ur10 Version-
   Universal-robots ≫ Ur3 Version-
   Universal-robots ≫ Ur5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.308

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@aliasrobotics.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-353 Missing Support for Integrity Check

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

https://github.com/aliasrobotics/RVD/issues/1487

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-10266

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10266

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10266

EUVD