{ "id": 672, "title": "RVD#672: CB3.1 3.4.5-100 hard-coded public credentials for controller", "type": "vulnerability", "description": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller.", "cwe": "CWE-798 (Use of Hard-coded Credentials)", "cve": "CVE-2018-10633", "keywords": [ "Universal Robots", "manipulation", "cobot", "CB 3.1", "CB 3.4.5" ], "system": "Universal Robots Robot Controllers CB 3.1 3.4.5-100", "vendor": "Universal Robots", "severity": { "rvss-score": 9.8, "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/Y:T/S:U/C:H/I:H/A:H/H:H", "severity-description": "critical", "cvss-score": 9.8, "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "links": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-10633", "https://www.us-cert.gov/ics/advisories/ICSA-18-191-01", "https://gsec.hitb.org/materials/sg2017/COMMSEC%20D1%20-%20Cesar%20Cerrudo%20and%20Lucas%20Apa%20-%20Hacking%20Robots%20Before%20Skynet.pdf" ], "flaw": { "phase": "testing", "specificity": "subject-specific", "architectural-location": "application-specific code", "application": "manipulator, control box", "subsystem": "cognition:manipulation", "package": "N/A", "languages": "N/A", "date-detected": null, "detected-by": "Lucas Apa, Cesar Cerrudo (IOActive)", "detected-by-method": "testing violation", "date-reported": "2018-05-01 (00:00)", "reported-by": "Davide Quarta, Mario Polino, Marcello Pogliani (Trend Micro), and Stefano Zanero from Politecnico di Milano as well as Federico Maggi", "reported-by-relationship": "security researcher", "issue": "https://github.com/aliasrobotics/RVD/issues/102", "reproducibility": "always", "trace": "N/A", "reproduction": "https://asciinema.org/a/EJ5ZzqAbiVvPLyNABXyOk3iez", "reproduction-image": "Not disclosed" }, "exploitation": { "description": "Hard-coded default root credentials; even if they are modified, they remain subject to dictionary attacks", 
"exploitation-image": "Not disclosed", "exploitation-vector": "robosploit/exploits/universalrobots/ssh/default_creds" }, "mitigation": { "description": "Not disclosed", "pull-request": "Not disclosed", "date-mitigation": null } }
Demonstrated at https://asciinema.org/a/EJ5ZzqAbiVvPLyNABXyOk3iez