admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3530

Browse Source 
Auto-merge PR#3530
This commit is contained in:
CVE Team 2020-04-06 08:10:33 -04:00 committed by GitHub
commit 290369b592
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 91 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2020/10xxx/CVE-2020-10267.json
View File

@ -1,18 +1,102 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-04-04T17:31:46 +00:00",
"ID": "CVE-2020-10267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "RVD#1489: Unprotected intelectual property in Universal Robots controller CB 3.1 across firmware versions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UR3, UR5 and UR10",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Universal Robots"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Víctor Mayoral Vilches <victor@aliasrobotics.com>"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "high",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 (Missing Encryption of Sensitive Data)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.universal-robots.com/plus/",
"refsource": "CONFIRM",
"url": "https://www.universal-robots.com/plus/"
}
}
],
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/1489",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/1489"
}
]
},
"source": {
"defect": [
"RVD#1489"
],
"discovery": "EXTERNAL"
}
}