CVE-2020-10265 CRITICAL

CVE-2020-10265: RVD#1443: UR dashboard server enables unauthenticated remote control of core robot functions

Vendor Universal Robots
Product Universal Robots Robot Controllers CB 2, CB3, e-series
Weakness CWE-306 · Missing auth
Published April 6, 2020
Last update September 17, 2024

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.

Key dates

02Disclosure timeline

April 6, 2020 CVE published
September 17, 2024 Record updated