Sign-up

ID

VAR-201807-0331


CVE

CVE-2018-10635


TITLE

Universal Robots Robot Controllers Remote code execution vulnerability

Trust: 0.8

sources: IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // CNVD: CNVD-2018-13080

DESCRIPTION

In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained. Universal Robots Robot Controllers Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UniversalRobotsRobotControllers is a collaborative robot controller product from Denmark's Universal Robots. A security vulnerability exists in UniversalRobotsRobotControllersCB3.1 and SW3.4.5-100, which stems from the TCP3001 to 3003 ports for listening and executing arbitrary URScript code. This may aid in further attacks

Trust: 2.79

sources: NVD: CVE-2018-10635 // JVNDB: JVNDB-2018-007882 // CNVD: CNVD-2018-13080 // BID: 104710 // IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // VULHUB: VHN-120414 // VULMON: CVE-2018-10635

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

category:['industrial device']sub_category:robot

Trust: 0.1

sources: OTHER: None // IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // CNVD: CNVD-2018-13080

AFFECTED PRODUCTS

vendor:universal robotsmodel:cb3.1scope:eqversion:3.4.5-100

Trust: 1.6

vendor:universal robotsmodel:cb 3.1scope:eqversion:sw 3.4.5-100

Trust: 0.8

vendor:universalmodel:robots robot controllersscope:eqversion:3.1

Trust: 0.6

vendor:universalmodel:robots robot controllers 3.4.5-100scope: - version: -

Trust: 0.6

vendor:universalmodel:robots robot controllers cbscope:eqversion:3.13.4.5-100

Trust: 0.3

vendor:cb3 1model: - scope:eqversion:3.4.5-100

Trust: 0.2

sources: IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // CNVD: CNVD-2018-13080 // BID: 104710 // JVNDB: JVNDB-2018-007882 // CNNVD: CNNVD-201807-1092 // NVD: CVE-2018-10635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10635
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10635
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-13080
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1092
value: CRITICAL

Trust: 0.6

IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-120414
value: HIGH

Trust: 0.1

VULMON: CVE-2018-10635
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-10635
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-13080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-120414
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10635
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // CNVD: CNVD-2018-13080 // VULHUB: VHN-120414 // VULMON: CVE-2018-10635 // JVNDB: JVNDB-2018-007882 // CNNVD: CNNVD-201807-1092 // NVD: CVE-2018-10635

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-120414 // JVNDB: JVNDB-2018-007882 // NVD: CVE-2018-10635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1092

TYPE

Access control error

Trust: 0.8

sources: IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // CNNVD: CNNVD-201807-1092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007882

PATCH
title:Release notes 3.4.5url:https://www.universal-robots.com/how-tos-and-faqs/faq/ur-faq/release-note-software-version-34xx/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007882

EXTERNAL IDS
db:NVDid:CVE-2018-10635
Trust: 3.8
db:ICS CERTid:ICSA-18-191-01
Trust: 3.5
db:BIDid:104710
Trust: 2.1
db:CNNVDid:CNNVD-201807-1092
Trust: 0.9
db:CNVDid:CNVD-2018-13080
Trust: 0.8
db:JVNDBid:JVNDB-2018-007882
Trust: 0.8
db:IVDid:E2F6B280-39AB-11E9-A1AF-000C29342CB1
Trust: 0.2
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-120414
Trust: 0.1
db:VULMONid:CVE-2018-10635
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            IVD: e2f6b280-39ab-11e9-a1af-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-13080 // 
            
            
            
            VULHUB: VHN-120414 // 
            
            
            
            VULMON: CVE-2018-10635 // 
            
            
            
            BID: 104710 // 
            
            
            
            JVNDB: JVNDB-2018-007882 // 
            
            
            
            CNNVD: CNNVD-201807-1092 // 
            
            
            
            NVD: CVE-2018-10635

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-191-01
Trust: 3.6
url:http://www.securityfocus.com/bid/104710
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10635
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10635
Trust: 0.8
url:https://gsec.hitb.org/materials/sg2017/commsec%20d1%20-%20cesar%20cerrudo%20and%20lucas%20apa%20-%20hacking%20robots%20before%20skynet.pdf
Trust: 0.3
url:https://www.universal-robots.com/support/
Trust: 0.3
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2018-13080 // 
            
            
            
            VULHUB: VHN-120414 // 
            
            
            
            VULMON: CVE-2018-10635 // 
            
            
            
            BID: 104710 // 
            
            
            
            JVNDB: JVNDB-2018-007882 // 
            
            
            
            CNNVD: CNNVD-201807-1092 // 
            
            
            
            NVD: CVE-2018-10635

CREDITS
Davide Quarta, Mario Polino, Marcello Pogliani, Stefano Zanero from Politecnico di Milano, Federico Maggi with Trend Micro, Cesar Cerrudo and Lucas Apa.
Trust: 0.3
sources:
            
            
            BID: 104710

SOURCES
db:OTHERid: - 
db:IVDid:e2f6b280-39ab-11e9-a1af-000c29342cb1
db:CNVDid:CNVD-2018-13080
db:VULHUBid:VHN-120414
db:VULMONid:CVE-2018-10635
db:BIDid:104710
db:JVNDBid:JVNDB-2018-007882
db:CNNVDid:CNNVD-201807-1092
db:NVDid:CVE-2018-10635

LAST UPDATE DATE
2025-01-30T22:09:16.249000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-13080date:2018-07-13T00:00:00
db:VULHUBid:VHN-120414date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-10635date:2019-10-09T00:00:00
db:BIDid:104710date:2018-07-10T00:00:00
db:JVNDBid:JVNDB-2018-007882date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201807-1092date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10635date:2024-11-21T03:41:42.513

SOURCES RELEASE DATE
db:IVDid:e2f6b280-39ab-11e9-a1af-000c29342cb1date:2018-07-13T00:00:00
db:CNVDid:CNVD-2018-13080date:2018-07-13T00:00:00
db:VULHUBid:VHN-120414date:2018-07-11T00:00:00
db:VULMONid:CVE-2018-10635date:2018-07-11T00:00:00
db:BIDid:104710date:2018-07-10T00:00:00
db:JVNDBid:JVNDB-2018-007882date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201807-1092date:2018-07-12T00:00:00
db:NVDid:CVE-2018-10635date:2018-07-11T17:29:00.320