Multiple vulnerabilities in Universal Robots Robot Controllers
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-10633 CVE-2018-10635 |
| CWE-ID | CWE-798 CWE-306 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SW Web applications / Other software CB Web applications / Other software |
| Vendor | Universal Robots |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use of hard-coded credentials
EUVDB-ID: #VU13798
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-10633
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to reset passwords for the controller on the target system.
The vulnerability exists due to the application utilizes hard-coded credentials. A remote unauthenticated attacker can reset passwords for the controller.
MitigationUniversal Robots recommends the follow remedial actions:
- Only allow trusted users physical access to the robot control box and teach pendant.
- Do not connect the robot to a network unless it is required by the application.
- Do not connect the robot directly to the internet. Use a secure network with proper firewall configuration (Ports 30001/TCP to 30003/TCP must be restricted).
- Make the private subnet where the robot network interface is exposed as small as possible.
SW: 3.4.5-100
CB: 3.1
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-191-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Authentication bypass
EUVDB-ID: #VU13799
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-10635
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to ports 30001/TCP to 30003/TCP listen for arbitrary URScript code. A remote unauthenticated attacker who has access to the ports can bypass authentication and execute arbitrary code that may allow root access to be obtained.
MitigationUniversal Robots recommends the follow remedial actions:
- Only allow trusted users physical access to the robot control box and teach pendant.
- Do not connect the robot to a network unless it is required by the application.
- Do not connect the robot directly to the internet. Use a secure network with proper firewall configuration (Ports 30001/TCP to 30003/TCP must be restricted).
- Make the private subnet where the robot network interface is exposed as small as possible.
SW: 3.4.5-100
CB: 3.1
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-191-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
