SB2018071109 - Multiple vulnerabilities in Universal Robots Robot Controllers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018071109

SB2018071109 - Multiple vulnerabilities in Universal Robots Robot Controllers

Published: July 11, 2018

Security Bulletin ID SB2018071109
Severity
High
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of hard-coded credentials (CVE-ID: CVE-2018-10633)

The vulnerability allows a remote attacker to reset passwords for the controller on the target system.

The vulnerability exists due to the application utilizes hard-coded credentials. A remote unauthenticated attacker can reset passwords for the controller.


2) Authentication bypass (CVE-ID: CVE-2018-10635)

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to ports 30001/TCP to 30003/TCP listen for arbitrary URScript code. A remote unauthenticated attacker who has access to the ports can bypass authentication and execute arbitrary code that may allow root access to be obtained.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References