Refine your search

1 vulnerability found for Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 by Universal Robots

CVE-2018-10635 (GCVE-0-2018-10635)
Vulnerability from cvelistv5
Published
2018-07-11 17:00
Modified
2024-09-17 03:18
Severity ?
CWE
  • CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION
Summary
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained.
References
Impacted products
Vendor Product Version
Universal Robots Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 Version: Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104710",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100",
          "vendor": "Universal Robots",
          "versions": [
            {
              "status": "affected",
              "version": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-12T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "104710",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-07-10T00:00:00",
          "ID": "CVE-2018-10635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Universal Robots"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104710",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104710"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-10635",
    "datePublished": "2018-07-11T17:00:00.000Z",
    "dateReserved": "2018-05-01T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:18:19.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}