RVD icon indicating copy to clipboard operation
RVD copied to clipboard

Published 20 hours ago verified publisher icon aliasrobotics

RVD#673: CB3.1 3.4.5-3.14.x listen and execution of arbitrary URScript code

Open vmayoral opened this issue 5 years ago • 0 comments 

{
    "id": 673,
    "title": "RVD#673: CB3.1 3.4.5-3.14.x listen and execution of arbitrary URScript code",
    "type": "vulnerability",
    "description": "In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained.",
    "cwe": "CWE-306 (Missing Authentication for Critical Function)",
    "cve": "CVE-2018-10635",
    "keywords": [
        "Universal Robots",
        "manipulation",
        "cobot",
        "CB 3.1",
        "CB 3.4.5"
    ],
    "system": "Universal Robots Robot Controllers CB 3.1 3.4.5-100",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": 10,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:R/Y:O/S:U/C:H/I:H/A:H/H:H",
        "severity-description": "critical",
        "cvss-score": 9.8,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    },
    "links": [
        "https://nvd.nist.gov/vuln/detail/CVE-2018-10635",
        "https://www.us-cert.gov/ics/advisories/ICSA-18-191-01",
        "https://gsec.hitb.org/materials/sg2017/COMMSEC%20D1%20-%20Cesar%20Cerrudo%20and%20Lucas%20Apa%20-%20Hacking%20Robots%20Before%20Skynet.pdf"
    ],
    "flaw": {
        "phase": "testing",
        "specificity": "subject-specific",
        "architectural-location": "application-specific code",
        "application": "manipulator, control box",
        "subsystem": "cognition:manipulation",
        "package": "N/A",
        "languages": "N/A",
        "date-detected": "2017-03-01",
        "detected-by": "Lucas Apa, Cesar Cerrudo (IOActive)",
        "detected-by-method": "testing violation",
        "date-reported": "2018-07-10 (00:00)",
        "reported-by": "Davide Quarta, Mario Polino, Marcello Pogliani  (Trend Micro), and Stefano Zanero from Politecnico di Milano as well as Federico Maggi",
        "reported-by-relationship": "security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/102",
        "reproducibility": "always",
        "trace": "N/A",
        "reproduction": "Not disclosed",
        "reproduction-image": "Not disclosed"
    },
    "exploitation": {
        "description": "Not disclosed",
        "exploitation-image": "Not disclosed",
        "exploitation-vector": "Not disclosed"
    },
    "mitigation": {
        "description": "Not disclosed",
        "pull-request": "Not disclosed",
        "date-mitigation": null
    }
}

vmayoral avatar Nov 19 '19 18:11 vmayoral