#VU13799 Authentication bypass in SW and CB
Vulnerability identifier: #VU13799
Vulnerability risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID:
CWE-306
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
SW
Web applications /
Other software
CB
Web applications /
Other software
Vendor: Universal Robots
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to ports 30001/TCP to 30003/TCP listen for arbitrary URScript code. A remote unauthenticated attacker who has access to the ports can bypass authentication and execute arbitrary code that may allow root access to be obtained.
Mitigation
Universal Robots recommends the follow remedial actions:
- Only allow trusted users physical access to the robot control box and teach pendant.
- Do not connect the robot to a network unless it is required by the application.
- Do not connect the robot directly to the internet. Use a secure network with proper firewall configuration (Ports 30001/TCP to 30003/TCP must be restricted).
- Make the private subnet where the robot network interface is exposed as small as possible.
Vulnerable software versions
SW: 3.4.5-100
CB: 3.1
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-191-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
