CVE-2020-10290

Summary

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system

Affected Software

VendorProductVersion RangeStatus
Universal RobotsURxunspecifiedaffected

Weaknesses

  • CWE-250: CWE-250 (Execution with Unnecessary Privileges)

ADP Enrichment

CVE Program Container

Additional References

References