Víctor Mayoral Vilches
Víctor Mayoral Vilches
Assigned CVE ID.
Same as https://github.com/aliasrobotics/RVD/issues/453, further triage is needed in here.
@bbreilin a couple of things here while triaging. I couldn't find any details about CB 3.3 and AFAIK, only the following exists: - CB2: controller type is CB2 robot type...
Receives the following vector with CVSS 3.0 `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` and a severity scoring of `8.8`.
Asigned preliminarily CVE-2020-10264.
Removed triage label, CVE asignation on its way https://github.com/CVEProject/cvelist/pull/3514. Thanks again @bbreilin and @bedieber for the ticket. Your CVE ID will be `CVE-2020-10264`
Minor edition in this ticket to avoid https://pyyaml.org/wiki/YAMLColonInFlowContext. Essentially, replaced scalar link by a string link.
Exploit demonstrated at https://asciinema.org/a/315015. Validated it for: - Universal Robots CB3.1, firmware version 3.12.1 (latest at the time of writing) - Universal Robots CB3.1, firmware version 3.12 - Universal Robots...
Sharing the `alurity.yml` file that can be used to reproduce this ticket below: alurity.yml file ```yaml ################## # alurity.yml example file ################## networks: - network: - driver: overlay - name:...
Thanks for the assessment @unaithetutamatumatu. @bedieber can you confirm you agree with the criticality evaluation @unaithetutamatumatu proposes? Refer to https://github.com/aliasrobotics/RVSS if you need to do further readings on the vectors.