Improper access control in VGo Celia - CVE-2018-17931
Published: October 19, 2018
Vulnerability identifier: #VU15426
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-17931
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Vecna Technologies
Affected software:
VGo Celia
VGo Celia
Detailed vulnerability description
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The weakness exists due to improper access control. An adjacent attacker can plug in a USB thumb drive into a robot, cause the robot's firmware to execute a file hosted on the USB stick (/config/startup.script) with root privileges, giving the attacker the opportunity to hijack the device.
The weakness exists due to improper access control. An adjacent attacker can plug in a USB thumb drive into a robot, cause the robot's firmware to execute a file hosted on the USB stick (/config/startup.script) with root privileges, giving the attacker the opportunity to hijack the device.
How to mitigate CVE-2018-17931
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.