Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/aliasrobotics/RVD/issues/1495 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Alias
Published: 2020-08-21T15:05:19.977025Z
Updated: 2024-09-16T19:15:10.454Z
Reserved: 2020-03-10T00:00:00
Link: CVE-2020-10290
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-21T15:15:12.540
Modified: 2024-11-21T04:55:09.053
Link: CVE-2020-10290
Redhat
No data.