CVE-2020-10264

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. Additionally unautheticated reading of robot data is also possible
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*
OR cpe:2.3:h:universal-robots:ur10e:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur3e:-:*:*:*:*:*:*:*
cpe:2.3:h:universal-robots:ur5e:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/ - Vendor Advisory () https://www.universal-robots.com/how-tos-and-faqs/how-to/ur-how-tos/real-time-data-exchange-rtde-guide/ - Vendor Advisory

Information

Published : 2020-04-06 12:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10264

Mitre link : CVE-2020-10264

CVE.ORG link : CVE-2020-10264


JSON object : View

Products Affected

universal-robots

  • ur10
  • ur3e
  • ur10e
  • ur3
  • ur_software
  • ur5
  • ur5e
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-306

Missing Authentication for Critical Function