Universal Robots Robot Controllers

Act Now9.8ICS-CERT ICSA-18-191-01Jul 10, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Universal Robots CB 3.1 SW (version 3.4.5-100 and earlier) contains vulnerabilities (CWE-798: Use of Hard-coded Credentials, CWE-306: Missing Authentication for Critical Function) that allow a remote attacker to run arbitrary code on the robot controller without authentication or user interaction. The controller listens on ports 30001-30003/TCP and can be reached from any network to which it is connected.

What this means

What could happen

An attacker could remotely execute commands on your Universal Robots controller, potentially altering motion commands, process parameters, or stopping robot operations entirely. This could cause unplanned production downtime, safety incidents, or product quality issues.

Who's at risk

Manufacturing and automation facilities using Universal Robots CB 3.1 robot controllers are affected, including automotive, electronics assembly, food and beverage, pharmaceuticals, and other industries relying on collaborative or industrial robots for production or material handling.

How it could be exploited

An attacker with network access to ports 30001–30003/TCP on the robot controller can exploit hard-coded credentials or missing authentication checks to send arbitrary commands directly to the robot control system. No user interaction or authentication is required once network connectivity is established.

Prerequisites

Network access to robot controller on ports 30001-30003/TCP
Robot must be connected to a network accessible to the attacker (including the Internet if not behind firewall)

Remotely exploitableNo authentication requiredLow complexity attackNo patch available (end-of-life product)Affects safety-critical equipment

Exploitability

Moderate exploit probability (EPSS 3.2%)

Affected products (1)

ProductAffected VersionsFix Status

CB 3.1 SW:3.4.5-100No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to robot controller ports 30001–30003/TCP using firewall rules; do not expose these ports to the Internet

HARDENINGDo not connect the robot to the Internet; place it on an isolated or private subnet behind a firewall

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGLimit the size of the private subnet where the robot is exposed to minimize lateral movement by an attacker

HARDENINGRestrict physical access to the robot control box and teach pendant to trusted personnel only

HARDENINGOnly connect the robot to the network if required by the application; keep it disconnected otherwise

CVEs (2)

CVE-2018-10633 CVE-2018-10635

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/969a88b2-6fb0-4a52-b773-e32a7419fa01