Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-10290
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RVD#1495: Universal Robots URCaps execute with unbounded privileges
Source: NVD (National Vulnerability Database)
Vulnerability Description
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
带着不必要的权限执行
Source: NVD (National Vulnerability Database)
Vulnerability Title
Universal Robots controller 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Universal Robots UR 3是丹麦优傲机器人(Universal Robots)公司的一款协作型工业机器人手臂。 Universal Robots controller存在安全漏洞,该漏洞允许攻击者在没有任何权限限制的情况下执行URCaps(包含Java驱动的应用程序的zip文件),导致URCap在用户部署时破坏了系统。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Universal RobotsURx unspecified -
II. Public POCs for CVE-2020-10290
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-10290
Please Login to view more intelligence information
New Vulnerabilities
Product: URx
Vendor: Universal Robots
Same weakness: CWE-250
V. Comments for CVE-2020-10290

No comments yet

Leave a comment