CVE-2020-10266
HIGH
Universal Robots UR+ - Missing Integrity Check for Installed Components
Title source: llm
Description
UR+ (Universal Robots+) is a platform of hardware and software component sellers for Universal Robots robots. When any of these components is installed in a robot (e.g. the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle (PITM) attacks and shipping the maliciously crafted component on demand.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/aliasrobotics/RVD/issues/1487
Scores
CVSS v3
8.1
EPSS
0.0048
EPSS Percentile
37.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-353
CWE-345
Status
published
Products (1)
universal-robots/ur\+
Published
Apr 06, 2020
Tracked Since
Feb 18, 2026