CVE-2018-10635
published 2018-07-11


Priority: P262 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.10% (91.3th percentile)
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained.

Affected

1 range

Vendor | Product | Version range | Fixed in
universal-robots | cb3.1_firmware | |

Detection & IOCs (extracted from sources)

port 30001/TCP
port 30002/TCP
port 30003/TCP
  • Monitor for unauthenticated inbound TCP connections to ports 30001–30003 on Universal Robots CB 3.1 controllers; any such connection can deliver and execute arbitrary URScript code with potential root-level impact.
  • Alert on any network traffic reaching ports 30001–30003/TCP from hosts outside the robot's trusted subnet; the advisory explicitly states these ports must be restricted at the firewall.
  • Scope detection to Universal Robots CB 3.1 controllers running SW Version 3.4.5-100, the confirmed affected version.
  • The vulnerability is classified as Missing Authentication for Critical Function (CWE-306); no credentials are required to send URScript commands to the exposed ports, meaning network-layer access alone is sufficient for exploitation.
  • CVSS v3 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting fully unauthenticated, network-exploitable remote code execution with no user interaction required.
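
The first two monitoring rules above, applied to connection records, as an added example that is not part of the CVE record or any vendor tooling. The log line format, the controller inventory and the trusted subnet are constructed assumptions; only the port numbers come from the description.

```python
import ipaddress

URSCRIPT_PORTS = {30001, 30002, 30003}  # ports named in the CVE description

# Constructed sample records: "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2018-07-11T08:00:01Z 10.20.0.15 51544 10.20.0.50 30002 tcp
2018-07-11T08:00:07Z 192.0.2.77 40112 10.20.0.50 30001 tcp
2018-07-11T08:01:30Z 10.20.0.15 51560 10.20.0.50 443 tcp
2018-07-11T08:02:10Z 198.51.100.9 39001 10.20.0.51 30003 tcp
2018-07-11T08:02:11Z 198.51.100.9 39002 10.20.0.99 30003 tcp
malformed line
2018-07-11T08:03:00Z 10.20.0.15 51570 10.20.0.50 30003 udp
"""

def classify_flows(text, controllers, trusted_net):
    """Return (alerts, skipped). Each alert is (severity, ts, src, dst, port).

    controllers: inventory of affected CB 3.1 controller IPs (assumed known).
    trusted_net: CIDR of the robot's trusted subnet (assumed known).
    """
    controllers = {ipaddress.ip_address(c) for c in controllers}
    trusted = ipaddress.ip_network(trusted_net)
    alerts, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, _sport, dst, dport, proto = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1  # count unparsable records instead of hiding them
            continue
        if proto.lower() != "tcp" or dport not in URSCRIPT_PORTS:
            continue
        if dst not in controllers:
            continue  # scope to the inventoried affected controllers
        # Any connection is worth recording; one from outside the trusted
        # subnet means the firewall restriction is missing or bypassed.
        severity = "info" if src in trusted else "high"
        alerts.append((severity, ts, str(src), str(dst), dport))
    return alerts, skipped

if __name__ == "__main__":
    found, bad = classify_flows(SAMPLE_FLOWS, ["10.20.0.50", "10.20.0.51"], "10.20.0.0/24")
    for alert in found:
        print(*alert)
    print("skipped records:", bad)
```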

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C