Details of VAR-201807-0330

ID

VAR-201807-0330

CVE

CVE-2018-10633

TITLE

Universal Robots Robot Controllers Hardcoded Certificate Vulnerability

Trust: 0.8

sources: IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // CNVD: CNVD-2018-13081

DESCRIPTION

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. Universal Robots Robot Controllers Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UniversalRobotsRobotControllers is a collaborative robot controller product from Denmark's Universal Robots. A security vulnerability exists in UniversalRobotsRobotControllersCB3.1 and SW3.4.5-100, which was caused by the program using hard-coded credentials. An attacker could use this vulnerability to reset the password for the controller. Robot Controllers is prone to a remote code-execution vulnerability and a security-bypass vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of affected device and to bypass security restrictions and perform unauthorized actions. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2018-10633 // JVNDB: JVNDB-2018-007881 // CNVD: CNVD-2018-13081 // BID: 104710 // IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // VULHUB: VHN-120412

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2
category:	['industrial device']	sub_category:	robot	Trust: 0.1

sources: OTHER: None // IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // CNVD: CNVD-2018-13081

AFFECTED PRODUCTS

vendor:	universal robots	model:	cb3.1	scope:	eq	version:	3.4.5-100	Trust: 1.6
vendor:	universal robots	model:	cb 3.1	scope:	eq	version:	sw 3.4.5-100	Trust: 0.8
vendor:	universal	model:	robots robot controllers	scope:	eq	version:	3.1	Trust: 0.6
vendor:	universal	model:	robots robot controllers 3.4.5-100	scope:	-	version:	-	Trust: 0.6
vendor:	universal	model:	robots robot controllers cb	scope:	eq	version:	3.13.4.5-100	Trust: 0.3
vendor:	cb3 1	model:	-	scope:	eq	version:	3.4.5-100	Trust: 0.2

sources: IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // CNVD: CNVD-2018-13081 // BID: 104710 // JVNDB: JVNDB-2018-007881 // CNNVD: CNNVD-201807-1093 // NVD: CVE-2018-10633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10633
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10633
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-13081
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201807-1093
value:	CRITICAL
Trust: 0.6
IVD:	e2f68b72-39ab-11e9-86b4-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-120412
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-10633
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-13081
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f68b72-39ab-11e9-86b4-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-120412
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-10633
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // CNVD: CNVD-2018-13081 // VULHUB: VHN-120412 // JVNDB: JVNDB-2018-007881 // CNNVD: CNNVD-201807-1093 // NVD: CVE-2018-10633

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-120412 // JVNDB: JVNDB-2018-007881 // NVD: CVE-2018-10633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1093

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1093

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007881

PATCH

title:

Release notes 3.4.5

url:

https://www.universal-robots.com/how-tos-and-faqs/faq/ur-faq/release-note-software-version-34xx/

Trust: 0.8

sources: JVNDB: JVNDB-2018-007881

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10633	Trust: 3.7
db:	ICS CERT	id:	ICSA-18-191-01	Trust: 3.4
db:	BID	id:	104710	Trust: 2.0
db:	CNNVD	id:	CNNVD-201807-1093	Trust: 0.9
db:	CNVD	id:	CNVD-2018-13081	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007881	Trust: 0.8
db:	IVD	id:	E2F68B72-39AB-11E9-86B4-000C29342CB1	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-120412	Trust: 0.1

sources: OTHER: None // IVD: e2f68b72-39ab-11e9-86b4-000c29342cb1 // CNVD: CNVD-2018-13081 // VULHUB: VHN-120412 // BID: 104710 // JVNDB: JVNDB-2018-007881 // CNNVD: CNNVD-201807-1093 // NVD: CVE-2018-10633

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-191-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/104710	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10633	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10633	Trust: 0.8
url:	https://gsec.hitb.org/materials/sg2017/commsec%20d1%20-%20cesar%20cerrudo%20and%20lucas%20apa%20-%20hacking%20robots%20before%20skynet.pdf	Trust: 0.3
url:	https://www.universal-robots.com/support/	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-13081 // VULHUB: VHN-120412 // BID: 104710 // JVNDB: JVNDB-2018-007881 // CNNVD: CNNVD-201807-1093 // NVD: CVE-2018-10633

CREDITS

Davide Quarta, Mario Polino, Marcello Pogliani, Stefano Zanero from Politecnico di Milano, Federico Maggi with Trend Micro, Cesar Cerrudo and Lucas Apa.

Trust: 0.3

sources: BID: 104710

SOURCES

db:	OTHER	id:	-
db:	IVD	id:	e2f68b72-39ab-11e9-86b4-000c29342cb1
db:	CNVD	id:	CNVD-2018-13081
db:	VULHUB	id:	VHN-120412
db:	BID	id:	104710
db:	JVNDB	id:	JVNDB-2018-007881
db:	CNNVD	id:	CNNVD-201807-1093
db:	NVD	id:	CVE-2018-10633

LAST UPDATE DATE

2025-01-30T20:10:56.704000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-13081	date:	2018-07-13T00:00:00
db:	VULHUB	id:	VHN-120412	date:	2019-10-09T00:00:00
db:	BID	id:	104710	date:	2018-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-007881	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201807-1093	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-10633	date:	2024-11-21T03:41:42.273

SOURCES RELEASE DATE

db:	IVD	id:	e2f68b72-39ab-11e9-86b4-000c29342cb1	date:	2018-07-13T00:00:00
db:	CNVD	id:	CNVD-2018-13081	date:	2018-07-13T00:00:00
db:	VULHUB	id:	VHN-120412	date:	2018-07-11T00:00:00
db:	BID	id:	104710	date:	2018-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-007881	date:	2018-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201807-1093	date:	2018-07-12T00:00:00
db:	NVD	id:	CVE-2018-10633	date:	2018-07-11T17:29:00.287