CVE-2020-10284 CRITICAL

CVE-2020-10284: RVD#3321: No Authentication required to exert manual control of the robot

Vendor Ufactory
Product xArm5 Lite, xArm 6 and xArm 7
Weakness CWE-656
Published July 15, 2020
Last update September 16, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.

Key dates

02Disclosure timeline

July 15, 2020 CVE published
September 16, 2024 Record updated