CVE-2020-10265
CRITICALUniversal Robots ur_software 3.0.14989-3.3.3.292 - Unauthenticated Access to DashBoard Server
Title source: llmDescription
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. The DashBoard server is not protected by any kind of authentication or authorization.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/
Scores
CVSS v3
9.4
EPSS
0.0143
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
universal-robots/ur_software
3.0.14989 - 3.3.3.292
Published
Apr 06, 2020
Tracked Since
Feb 18, 2026