Unrated severityNVD Advisory· Published Aug 21, 2020· Updated Sep 16, 2024
RVD#1495: Universal Robots URCaps execute with unbounded privileges
CVE-2020-10290
Description
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system
Affected products
1- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/aliasrobotics/RVD/issues/1495mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.