vulnerability-template.md

| name | about | title | labels | assignees |
| --- | --- | --- | --- | --- |
| Vulnerability report template | Template to report a vulnerability in RVD. See https://bit.ly/2JnamaD if in doubt | | vulnerability, triage | |

Fill in following the example below. If you need further clarification on any of the items, refer to our taxonomy (remove these lines).

id: 672
title: "CB3.1 3.4.5-100 hard-coded public credentials for controller"
type: vulnerability
description: "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller."
cwe: "CWE-798 (Use of Hard-coded Credentials)"
cve: "CVE-2018-10633"
keywords: [
    "Universal Robots",
    "manipulation",
    "cobot",
    "CB 3.1",
    "CB 3.4.5"
]
system: "Universal Robots Robot Controllers CB 3.1 3.4.5-100"
vendor: "Universal Robots"
severity:
  rvss-score: 0
  rvss-vector: ""
  severity-description: "critical"
  cvss-score: 9.8
  cvss-vector: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
links: [
    'https://nvd.nist.gov/vuln/detail/CVE-2018-10633',
    'https://www.us-cert.gov/ics/advisories/ICSA-18-191-01',
    'https://gsec.hitb.org/materials/sg2017/COMMSEC%20D1%20-%20Cesar%20Cerrudo%20and%20Lucas%20Apa%20-%20Hacking%20Robots%20Before%20Skynet.pdf',
]
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific code
  application: manipulator, control box
  subsystem: cognition:manipulation
  package: N/A
  languages: N/A
  date-detected: 2017-03-01
  detected-by: Lucas Apa, Cesar Cerrudo (IOActive)
  detected-by-method: testing violation
  date-reported: 2018-07-10 (00:00)
  reported-by: Davide Quarta, Mario Polino, Marcello Pogliani (Trend Micro), and Stefano Zanero from Politecnico di Milano as well as Federico Maggi
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/102
  reproducibility: always
  trace: N/A
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
mitigation:
  description: Not disclosed
  pull-request: Not disclosed