ID

VAR-202008-0079


CVE

CVE-2020-10290


TITLE

URCaps Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010254

DESCRIPTION

The Universal Robots controller executes URCaps (zip files containing Java-powered applications) without any permission restrictions and exposes a wide API that presents many primitives that can compromise the overall robot operations, as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that, when deployed by the user (intentionally or unintentionally), compromises the system. URCaps contains a privilege management vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-10290 // JVNDB: JVNDB-2020-010254

IOT TAXONOMY

category: ['industrial device'], sub_category: robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: sintef, model: urx, scope: eq, version: -

Trust: 1.0

vendor: universal robots, model: urcaps, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010254 // NVD: CVE-2020-10290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10290
value: MEDIUM

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10290
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010254
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-1104
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-10290
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010254
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10290
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10290
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-010254
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010254 // CNNVD: CNNVD-202008-1104 // NVD: CVE-2020-10290 // NVD: CVE-2020-10290

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.8

problemtype:CWE-250

Trust: 1.0

sources: JVNDB: JVNDB-2020-010254 // NVD: CVE-2020-10290

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1104

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010254

PATCH

title: RVD#1495: Universal Robots URCaps execute with unbounded privileges #1495
url: https://github.com/aliasrobotics/RVD/issues/1495

Trust: 0.8

sources: JVNDB: JVNDB-2020-010254

EXTERNAL IDS

db: NVD, id: CVE-2020-10290

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010254

Trust: 0.8

db: CNNVD, id: CNNVD-202008-1104

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-010254 // CNNVD: CNNVD-202008-1104 // NVD: CVE-2020-10290

REFERENCES

url:https://github.com/aliasrobotics/rvd/issues/1495

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-10290

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10290

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-010254 // CNNVD: CNNVD-202008-1104 // NVD: CVE-2020-10290

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2020-010254
db: CNNVD, id: CNNVD-202008-1104
db: NVD, id: CVE-2020-10290

LAST UPDATE DATE

2025-01-30T21:09:02.675000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-010254, date: 2021-01-04T05:08:53
db: CNNVD, id: CNNVD-202008-1104, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-10290, date: 2024-11-21T04:55:09.053

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-010254, date: 2021-01-04T05:08:53
db: CNNVD, id: CNNVD-202008-1104, date: 2020-08-21T00:00:00
db: NVD, id: CVE-2020-10290, date: 2020-08-21T15:15:12.540