CVE-2020-10267 - OpenCVE

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Universal-robots	Ur5 Ur Software Ur3 Ur10

Configuration 1 [-]

AND

cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:universal-robots:ur10:-:::::::*
	cpe:2.3:h:universal-robots:ur3:-:::::::*
	cpe:2.3:h:universal-robots:ur5:-:::::::*

References

Link	Resource
https://github.com/aliasrobotics/RVD/issues/1489	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Alias

Published: 2020-04-04T00:00:00

Updated: 2020-04-06T12:08:40

Reserved: 2020-03-10T00:00:00

Link: CVE-2020-10267

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-06T12:15:13.033

Modified: 2021-12-20T22:56:47.683

Link: CVE-2020-10267

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "UR3, UR5 and UR10", "vendor": "Universal Robots", "versions": [{"status": "affected", "version": "unspecified"}]}], "credits": [{"lang": "en", "value": "V\u00edctor Mayoral Vilches <victor@aliasrobotics.com>"}], "datePublic": "2020-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 (Missing Encryption of Sensitive Data)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-06T12:08:40", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aliasrobotics/RVD/issues/1489"}], "source": {"defect": ["RVD#1489"], "discovery": "EXTERNAL"}, "title": "RVD#1489: Unprotected intelectual property in Universal Robots controller CB 3.1 across firmware versions", "x_generator": {"engine": "Robot Vulnerability Database (RVD)"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-04-04T17:31:46 +00:00", "ID": "CVE-2020-10267", "STATE": "PUBLIC", "TITLE": "RVD#1489: Unprotected intelectual property in Universal Robots controller CB 3.1 across firmware versions"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UR3, UR5 and UR10", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "Universal Robots"}]}}, "credit": [{"lang": "eng", "value": "V\u00edctor Mayoral Vilches <victor@aliasrobotics.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."}]}, "generator": {"engine": "Robot Vulnerability Database (RVD)"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "high", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-311 (Missing Encryption of Sensitive Data)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aliasrobotics/RVD/issues/1489", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/1489"}]}, "source": {"defect": ["RVD#1489"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10267", "datePublished": "2020-04-04T00:00:00", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2020-04-06T12:08:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:universal-robots:ur_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "914DFBBC-7743-4B1B-9875-8D6B6F907B99", "versionEndIncluding": "3.1.18213", "versionStartIncluding": "3.0.14989", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:universal-robots:ur10:-:*:*:*:*:*:*:*", "matchCriteriaId": "07EAD156-50AB-4402-A42B-3E536AE99C32", "vulnerable": false}, {"criteria": "cpe:2.3:h:universal-robots:ur3:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEBB3217-A74E-4EF2-BD4B-3964E57BC759", "vulnerable": false}, {"criteria": "cpe:2.3:h:universal-robots:ur5:-:*:*:*:*:*:*:*", "matchCriteriaId": "304BF507-9AE5-4A15-B037-32115093C73C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."}, {"lang": "es", "value": "Universal Robots control box CB versi\u00f3n 3.1, en todas las versiones de firmware (probadas en 1.12.1, 1.12, 1.11 y 1.10), no cifra ni protege de ninguna manera los artefactos de propiedad intelectual instalados desde la plataforma UR+ de componentes de hardware y software (URCaps). Estos archivos (*.urcaps) se almacenan en \"/root/.urcaps\" como archivos zip simples que contienen toda la l\u00f3gica para agregar funcionalidad a los robots UR3, UR5 y UR10. Este fallo permite a atacantes con acceso al robot o a la red de robots (mientras se combina con otros fallos) recuperar y filtrar f\u00e1cilmente toda la propiedad intelectual instalada."}], "id": "CVE-2020-10267", "lastModified": "2021-12-20T22:56:47.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@aliasrobotics.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-06T12:15:13.033", "references": [{"source": "cve@aliasrobotics.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/aliasrobotics/RVD/issues/1489"}], "sourceIdentifier": "cve@aliasrobotics.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "cve@aliasrobotics.com", "type": "Secondary"}]}