Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Universal Robots Robot Controllers CB 3.1 by Universal Robots A/S

    CVE-2020-10264 (GCVE-0-2020-10264)

    Vulnerability from nvd – Published: 2020-04-06 12:08 – Updated: 2024-09-17 03:28
    VLAI
    Title
    RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs
    Summary
    CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Universal Robots A/S Universal Robots Robot Controllers CB 3.1 Affected: CB3 SW Versions 3.3 up to 3.12.1
    Create a notification for this product.
    Universal Robots A/S Universal Robots Robot Controllers e-Series Affected: next of SW Versions 5.0 up to 5.7 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2020-04-01 00:00
    Credits
    Bernhard Dieber, Benjamin Breiling (and many others)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:58:40.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Universal Robots Robot Controllers CB 3.1",
              "vendor": "Universal Robots A/S",
              "versions": [
                {
                  "status": "affected",
                  "version": "CB3 SW Versions 3.3 up to 3.12.1"
                }
              ]
            },
            {
              "product": "Universal Robots Robot Controllers e-Series",
              "vendor": "Universal Robots A/S",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of SW Versions 5.0 up to 5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bernhard Dieber, Benjamin Breiling (and many others)"
            }
          ],
          "datePublic": "2020-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-06T12:08:40.000Z",
            "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
            "shortName": "Alias"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
            }
          ],
          "source": {
            "defect": [
              "RVD#1444"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@aliasrobotics.com",
              "DATE_PUBLIC": "2020-04-01T00:00:00.000Z",
              "ID": "CVE-2020-10264",
              "STATE": "PUBLIC",
              "TITLE": "RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Universal Robots Robot Controllers CB 3.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CB3 SW Versions 3.3 up to 3.12.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Universal Robots Robot Controllers e-Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "SW Versions 5.0 up to 5.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Universal Robots A/S"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bernhard Dieber, Benjamin Breiling (and many others)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/",
                  "refsource": "CONFIRM",
                  "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
                }
              ]
            },
            "source": {
              "defect": [
                "RVD#1444"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "assignerShortName": "Alias",
        "cveId": "CVE-2020-10264",
        "datePublished": "2020-04-06T12:08:40.625Z",
        "dateReserved": "2020-03-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:29.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10264 (GCVE-0-2020-10264)

    Vulnerability from cvelistv5 – Published: 2020-04-06 12:08 – Updated: 2024-09-17 03:28
    VLAI
    Title
    RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs
    Summary
    CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Universal Robots A/S Universal Robots Robot Controllers CB 3.1 Affected: CB3 SW Versions 3.3 up to 3.12.1
    Create a notification for this product.
    Universal Robots A/S Universal Robots Robot Controllers e-Series Affected: next of SW Versions 5.0 up to 5.7 , < unspecified (custom)
    Create a notification for this product.
    Date Public
    2020-04-01 00:00
    Credits
    Bernhard Dieber, Benjamin Breiling (and many others)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:58:40.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Universal Robots Robot Controllers CB 3.1",
              "vendor": "Universal Robots A/S",
              "versions": [
                {
                  "status": "affected",
                  "version": "CB3 SW Versions 3.3 up to 3.12.1"
                }
              ]
            },
            {
              "product": "Universal Robots Robot Controllers e-Series",
              "vendor": "Universal Robots A/S",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "next of SW Versions 5.0 up to 5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bernhard Dieber, Benjamin Breiling (and many others)"
            }
          ],
          "datePublic": "2020-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-06T12:08:40.000Z",
            "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
            "shortName": "Alias"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
            }
          ],
          "source": {
            "defect": [
              "RVD#1444"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@aliasrobotics.com",
              "DATE_PUBLIC": "2020-04-01T00:00:00.000Z",
              "ID": "CVE-2020-10264",
              "STATE": "PUBLIC",
              "TITLE": "RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Universal Robots Robot Controllers CB 3.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "CB3 SW Versions 3.3 up to 3.12.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Universal Robots Robot Controllers e-Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e",
                                "version_value": "SW Versions 5.0 up to 5.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Universal Robots A/S"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bernhard Dieber, Benjamin Breiling (and many others)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/",
                  "refsource": "CONFIRM",
                  "url": "https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/"
                }
              ]
            },
            "source": {
              "defect": [
                "RVD#1444"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "assignerShortName": "Alias",
        "cveId": "CVE-2020-10264",
        "datePublished": "2020-04-06T12:08:40.625Z",
        "dateReserved": "2020-03-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:29.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }