Ufactory: Security Vulnerabilities
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
CVSS Score
9.4
EPSS Score
0.002
Published
2020-07-15
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
CVSS Score
9.4
EPSS Score
0.004
Published
2020-07-15
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
CVSS Score
9.1
EPSS Score
0.005
Published
2020-07-15