{
"id": 1487,
"title": "RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot",
"type": "vulnerability",
"description": "UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.",
"cwe": "CWE-353 (Missing Support for Integrity Check)",
"cve": CVE-2020-10266,
"keywords": [
"Universal Robots"
],
"system": "CB3 SW Versions 3.3 up to 3.12.1",
"vendor": "Universal Robots",
"severity": {
"rvss-score": 10.0,
"rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:R/Y:Z/S:U/C:H/I:H/A:H/H:H",
"severity-description": "critical",
"cvss-score": 8.8,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"links": [
"https://www.universal-robots.com/plus/",
"https://www.universal-robots.com/plus/developer/",
"https://github.com/aliasrobotics/RVD/issues/1487"
],
"flaw": {
"phase": "testing",
"specificity": "general issue",
"architectural-location": "platform code",
"application": "industrial robot manipulator",
"subsystem": "manipulation:actuation",
"package": "libc6 2.19-11 i386",
"languages": "C",
"date-detected": null,
"detected-by": "Victor Mayoral Vilches <victor@aliasrobotics.com>, Mike Karamousadakis, Lander Usategui San Juan",
"detected-by-method": "testing",
"date-reported": "2020-04-03",
"reported-by": "Victor Mayoral Vilches <victor@aliasrobotics.com>",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/1487",
"reproducibility": "always",
"trace": "N/A",
"reproduction": "https://www.youtube.com/watch?v=y4AB-l-zFR4",
"reproduction-image": "Not available"
},
"exploitation": {
"description": "The lack of integrity checks in the URCaps downloaded from UR+ platform allow an attacker to take complete control of the robot and compromise confidentiality, integrity and availability. The UR+ SDK is widely available which allow malicious attackers to 'cook' malicious URCaps and ship them to targets via PITM attacks. User Interaction is required in the sense that she/he would need to install the .urcap in the robot.",
"exploitation-image": "Not available",
"exploitation-vector": "Not available"
},
"mitigation": {
"description": "Digitally sign the UR+ platform components and check the signature during the intalation process.",
"pull-request": "Not available",
"date-mitigation": null
}
}