Vulnerability identifier: #VU13799
Vulnerability risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID:
CWE-ID: CWE-306
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
SW (Web applications / Other software)
CB (Web applications / Other software)
Vendor: Universal Robots
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists because ports 30001/TCP to 30003/TCP listen for arbitrary URScript code. A remote unauthenticated attacker who has access to these ports can bypass authentication and execute arbitrary code, which may allow root access to be obtained.
Mitigation
Universal Robots recommends the following remedial actions:
Vulnerable software versions
SW: 3.4.5-100
CB: 3.1
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-191-01
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.