Universal Robots Polyscope 5
Summary
CISA has alerted users to vulnerabilities in Universal Robots Polyscope 5, specifically versions prior to 5.25.1. Successful exploitation could allow an unauthenticated attacker to bypass authentication and execute code on the robot's operating system through OS command injection in the Dashboard Server interface.
IFF Assessment
This alert details critical vulnerabilities that could allow attackers to compromise industrial robots, posing a significant threat to manufacturing operations and critical infrastructure.
Severity
The CVSS v3 score of 9.8 is critical. It reflects an OS command injection vulnerability with 'Attack Vector: Network' and 'Privileges Required: None', which allows unauthenticated remote attackers to execute arbitrary code.
Defender Context
Defenders responsible for industrial control systems (ICS) and operational technology (OT) should prioritize patching Universal Robots Polyscope 5 to version 5.25.1 or later immediately. This vulnerability, an OS command injection, could lead to unauthorized code execution and system compromise, potentially disrupting manufacturing operations or impacting critical infrastructure.
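To scope the patching work, the following added example (not part of the CISA alert or any Universal Robots tooling) triages a robot inventory against the 5.25.1 fix threshold. The CSV layout, hostnames and status labels are assumptions, and the sample data is constructed; versions are compared numerically because a string comparison would wrongly rank 5.9.4 above 5.25.1.

```python
import csv
import io
import re

FIXED = (5, 25, 1)  # first fixed Polyscope 5 release named in the alert

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,polyscope_version
cell-a-ur10e,5.9.4
cell-b-ur5e,5.25.0
cell-c-ur16e,5.25.1
cell-d-ur3e,5.100.0
lab-ur10-cb3,3.15.8
spare-ur5e,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None if text is not X.Y[.Z[.build]]."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text or "")
    if not m:
        return None
    # A missing patch component is treated as 0 (e.g. "5.25" -> 5.25.0).
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Map a reported version string to a patch-triage status."""
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"        # cannot prove it is patched: verify on the robot
    if v[0] != 5:
        return "OUT_OF_SCOPE"   # the alert as summarized covers Polyscope 5 only
    return "AFFECTED" if v < FIXED else "FIXED"

def triage(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["polyscope_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Treat UNKNOWN rows as unpatched until the version is confirmed on the controller itself.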