VYPR

URCaps

by Universal Robots

CVEs (2)

  • CVE-2020-10267HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps)…

  • CVE-2020-10290MedAug 21, 2020
    risk 0.44cvss 6.8epss 0.00

    Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate…