Unrated severityNVD Advisory· Published Apr 6, 2020· Updated Sep 17, 2024

RVD#1443: UR dashboard server enables unauthenticated remote control of core robot functions

CVE-2020-10265

Description

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.

Affected products

Universal Robots/Robot Controllers Version CB 3.1llm-fuzzy
Range: >=1.4 (CB2), >=3.0 (CB3), >=5.0 (e-series)
Universal Robots/Universal Robots controllercpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000