id: 1495
title: 'RVD#1495: Universal Robots URCaps execute with unbounded privileges'
type: vulnerability
description: Universal Robots controllers execute URCaps (zip files containing Java-powered
  applications) without any permission restrictions and expose a wide API that presents
  many primitives that can compromise the overall robot operations, as demonstrated in
  our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap
  that, when deployed by the user (intentionally or unintentionally), compromises the system
cwe: CWE-250 (Execution with Unnecessary Privileges)
cve: CVE-2020-10290
keywords:
- Universal Robots
system: URx
vendor: Universal Robots
severity:
  rvss-score: 10.0
  rvss-vector: RVSS:1.0/AV:PR/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:H/A:H/H:H
  severity-description: critical
  cvss-score: 6.8
  cvss-vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
links:
- https://www.universal-robots.com/plus/
- https://github.com/aliasrobotics/RVD/issues/1495
flaw:
  phase: testing
  specificity: general issue
  architectural-location: platform code
  application: industrial robot manipulator
  subsystem: manipulation:actuation
  package: libc6 2.19-11 i386
  languages: C
  date-detected: null
  detected-by: "Victor Mayoral Vilches and Unai Ayucar Carbajo (Alias Robotics)"
  detected-by-method: testing
  date-reported: '2020-04-03'
  reported-by: "Victor Mayoral Vilches, Unai Ayucar Carbajo"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/1495
  reproducibility: always
  trace: N/A
  reproduction: Not available
  reproduction-image: Not available
exploitation:
  description: Generate a crafted URCap that takes all the computational resources
    of the robot.
  exploitation-image: Not available
  exploitation-vector: Not available
  exploitation-recipe: ''
mitigation:
  description: Sandbox and isolate URCaps to only the required components, interfaces,
    libraries and network connections
  pull-request: Not available
  date-mitigation: null
URCaps are run in a socket with all permissions to the system. This crafted URCap generates dynamic allocation elements (10000000) per each CPU cycle. It completely blocks any functionality of the UR.