Researchers recently found vulnerabilities within the robot controllers from Universal Robots, a Danish manufacturer of robotic arms. What are these r
Researchers recently found vulnerabilities within the robot controllers from Universal Robots, a Danish manufacturer of robotic arms. What are these robot controllers used for and how can threat actors exploit these vulnerabilities?
Robot controllers from Universal Robots are used to automate processing tasks, including product assembly, painting, labeling, packing and welding. They can also be used for machine tending, quality inspection, lab analysis and testing.
A developer can download manuals, drawings and robot software for Universal Robots controllers, as well as basic software that enables users to customize start and stop times and collision detections.
Researchers found two vulnerabilities in the Universal Robots product line, both of which earned a Common Vulnerability Scoring System severity rating of 9.8 out of 10 for being exploitable remotely and requiring only a low level of skill to exploit. In both cases, the vulnerabilities enable attackers to access the robot controllers without authorization.
The first vulnerability, tracked as CVE-2018-10633, involves hardcoded credentials that can be remotely used by attackers to reset the controller’s passwords.
The second vulnerability, tracked as CVE-2018-10635, is caused because the application is missing an authentication process for a critical function. The robot controller software is hardcoded to listen to TCP ports 30001 and 30003 for arbitrary code.
However, a remote attacker can execute code written in URScript, the Universal Robots scripting language, simply by sending it to either of those ports. By doing so, an attacker could take control over the robotic arm and cause it to move in any direction with the potential to cause harm.
The vulnerabilities in the Universal Robots controllers were the subject of an advisory from the United States Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in July 2018. The vulnerabilities were discovered by Davide Quarta, Mario Polino, Marcello Pogliani, and Stefano Zanero from Politecnico di Milano and Federico Maggi with Trend Micro.
According to the ICS-CERT alert, Universal Robots advised that these vulnerabilities could be mitigated by:
- Restricting access to vulnerable devices; only authorized and trusted users should have physical access to the devices.
- Keeping the vulnerable device isolated from all networks, unless connection is required by the application.
- Keeping the vulnerable device isolated from the public internet using a firewall that blocks TCP ports 30001 and 30003.
- Using the smallest possible private subnet to reduce the attack surface if the device must be connected to a network.
The ICS-CERT alert also included recommendations to minimize network exposure using firewalls, VPNs and restricted access networks.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)