RVD#6: UR3, UR5, UR10 Stack-based buffer overflow

[aliasbot]

{
    "id": 6,
    "title": "RVD#6: UR3, UR5, UR10 Stack-based buffer overflow",
    "type": "vulnerability",
    "description": " An stack-based buffer overflow in Universal Robots Modbus TCP service could allow remote attackers to execute arbitrary code and alter protected settings via specially crafted packets.On version 3.1-3.3.4-310 Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Stack Overflow (CWE-121)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: UR3",
        "severity: critical",
        "vendor: Universal Robots",
        "vulnerability"
    ],
    "system": "UR3, UR5, UR10",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": "10.0",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:H/H:H",
        "severity-description": "critical",
        "cvss-score": 10.0,
        "cvss-vector": "CVSS:3.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:H"
    },
    "links": [
        "https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf",
        "https://ioactive.com/exploiting-industrial-collaborative-robots/",
        "https://github.com/aliasrobotics/RVD/issues/6",
        "https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Lucas_Robots.pdf"
    ],
    "flaw": {
        "phase": "testing",
        "specificity": "subject-specific",
        "architectural-location": "application-specific code",
        "application": "manipulation",
        "subsystem": "actuation:manipulator",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "Lucas Apa (IOActive)",
        "detected-by-method": "testing violation",
        "date-reported": "2017-03-01",
        "reported-by": "Lucas Apa (IOActive)",
        "reported-by-relationship": "security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/6",
        "reproducibility": "always",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions[bot]]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[vmayoral]

Further details on the exploitation of this vulnerability: https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Lucas_Robots.pdf