CVE-2020-10264 HIGH

CVE-2020-10264: RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs

Vendor Universal Robots A/S
Product Universal Robots Robot Controllers CB 3.1
Weakness CWE-200 · Info exposure
Published April 6, 2020
Last update September 17, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible

Key dates

02Disclosure timeline

April 6, 2020 CVE published
September 17, 2024 Record updated