Monthly report on robot cybersecurity vulnerabilities - April 2020
This is the first entry (hopefully of a monthly series) that summarizes the cybersecurity flaws affecting robots and reported during April 2020.
A total of 67 robot cybersecurity flaws were reported in April 2020 according to the Robot Vulnerability Database (RVD) and other sources reviewed. All of them are vulnerabilities confirmed to apply to Universal Robots UR3, UR5 and UR10. By the look of it, these flaws might also apply to eUR3, eUR5, eUR10 and eUR16 robots.
ID | Type | Title |
---|---|---|
RVD#1496 | vulnerability | RVD#1496: The function read_data() in security.c in curl is vulnerable to memory double free. |
RVD#1495 | vulnerability | RVD#1495: Universal Robots URCaps execute with unbounded privileges |
RVD#1494 | vulnerability | RVD#1494: Not sanitizing filenames in the add_match function in libbb/lineedit.c in BusyBox through 1.27.2 when tab autocompleting filenames |
RVD#1493 | vulnerability | RVD#1493: CRLF injection vulnerability in Python before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers |
RVD#1492 | vulnerability | RVD#1492: Improper Handling of Unicode Encoding during NFKC normalization on python 2.7.x through 2.7.16 and 3.x through 3.7.2 |
RVD#1491 | vulnerability | RVD#1491: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) via a long name. |
RVD#1490 | vulnerability | RVD#1490: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption which could result in crashes or arbitrary code execution |
RVD#1489 | vulnerability | RVD#1489: Unprotected intellectual property in Universal Robots controller CB 3.1 across firmware versions |
RVD#1488 | vulnerability | RVD#1488: The expansion of '\h' in the prompt string in bash 4.3 allows arbitrary code execution. |
RVD#1487 | vulnerability | RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot |
RVD#1485 | vulnerability | RVD#1485: A race condition in util-linux before 2.32.1 in su could be used to kill other processes with root privileges |
RVD#1484 | vulnerability | RVD#1484: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. |
RVD#1483 | vulnerability | RVD#1483: The smtplib library in Python 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails |
RVD#1482 | vulnerability | RVD#1482: The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules |
RVD#1480 | vulnerability | RVD#1480: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. |
RVD#1479 | vulnerability | RVD#1479: Python's elementtree C accelerator failed to initialize Expat's hash salt during initialization. |
RVD#1478 | vulnerability | RVD#1478: Sqlite3 3.26.0 vulnerability exists in the window function potentially resulting in remote code execution. |
RVD#1477 | vulnerability | RVD#1477: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable |
RVD#1476 | vulnerability | RVD#1476: CPython up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c |
RVD#1475 | vulnerability | RVD#1475: Modules/_pickle.c in Python before 3.7.1 has an integer overflow that can cause memory exhaustion. |
RVD#1474 | vulnerability | RVD#1474: Python version 2.7 contains a vulnerability in shutil module that can result in DoS and Information gain via injection of arbitrary files on the system or entire drive. |
RVD#1473 | vulnerability | RVD#1473: GNU wget before 1.18 allows remote servers to write to arbitrary files |
RVD#1472 | vulnerability | RVD#1472: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython before 2.7.10 and 3.x before 3.4.4 |
RVD#1471 | vulnerability | RVD#1471: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 |
RVD#1470 | vulnerability | RVD#1470: vim before patch 8.0.0056 does not properly validate values for 'filetype', 'syntax' and 'keymap' options |
RVD#1469 | vulnerability | RVD#1469: The email module in Various Versions of Python 2 and 3 wrongly parses email addresses that contain multiple @ characters. |
RVD#1468 | vulnerability | RVD#1468: http.cookiejar.DefaultPolicy.domain_return_ok in Python before 3.7.3 can be tricked into sending existing cookies to the wrong server. |
RVD#1467 | vulnerability | RVD#1467: Some python versions 2.7/3.7 are vulnerable to DoS via catastrophic backtracking |
RVD#1466 | vulnerability | RVD#1466: glibc allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack |
RVD#1465 | vulnerability | RVD#1465: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands |
RVD#1464 | vulnerability | RVD#1464: CRLF injection is possible due to an issue discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. |
RVD#1463 | vulnerability | RVD#1463: The OpenSSL RSA Key generation algorithm is vulnerable to a cache timing side channel attack |
RVD#1462 | vulnerability | RVD#1462: The shared memory manager in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers |
RVD#1461 | vulnerability | RVD#1461: Integer overflow in the strxfrm function in the GNU C Library before 2.21 allows to cause a DoS |
RVD#1460 | vulnerability | RVD#1460: Untrusted search path vulnerability in ssh-agent.c in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules |
RVD#1459 | vulnerability | RVD#1459: Use-after-free vulnerability in bzip2 1.0.6 allows remote attackers to cause a DoS |
RVD#1458 | vulnerability | RVD#1458: idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information |
RVD#1457 | vulnerability | RVD#1457: An invalid memory address dereference in elfutils through v0.174 that allows attackers to cause a DoS |
RVD#1456 | vulnerability | RVD#1456: Stack-based buffer overflow in the getaddrinfo function in getaddrinfo.c in glibc allows a DoS attack |
RVD#1455 | vulnerability | RVD#1455: A buffer overflow in glibc 2.5 which can be triggered through the LD_LIBRARY_PATH environment variable |
RVD#1454 | vulnerability | RVD#1454: Double free vulnerability in JasPer 1.900.17 allows remote attackers to cause a DoS |
RVD#1453 | vulnerability | RVD#1453: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free |
RVD#1452 | vulnerability | RVD#1452: Memory leak in the __res_vinit function in the IPv6 name server code in libresolv in glibc before 2.24 causes a DoS |
RVD#1451 | vulnerability | RVD#1451: There is an overflow bug in the AVX2 Montgomery multiplication procedure |
RVD#1450 | vulnerability | RVD#1450: Integer overflow in the GNU C Library before 2.22 allows context-dependent attackers to cause a DoS |
RVD#1449 | vulnerability | RVD#1449: OoB Write will cause Mozilla Network Security Services to crash on various iterations from 3.21.4 to 3.30.1 |
RVD#1448 | vulnerability | RVD#1448: The glob function in glob.c in the GNU C Library contains a buffer overflow unescaping names with ~ operator. |
RVD#1447 | vulnerability | RVD#1447: Carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c |
RVD#1446 | vulnerability | RVD#1446: A heap buffer overflow in the TFTP receiving code allows for DoS |
RVD#1442 | vulnerability | RVD#1442: libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows |
RVD#1441 | vulnerability | RVD#1441: Directory traversal vulnerability in the safer_name_suffix function in GNU tar |
RVD#1440 | vulnerability | RVD#1440: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801 |
RVD#1439 | vulnerability | RVD#1439: The fnmatch function in the GNU C Library (aka glibc or libc6) DoS via a malformed pattern |
RVD#1438 | vulnerability | RVD#1438: The check_symtab_shndx function in elfutils 0.168 allows remote attackers to cause a DoS. |
RVD#1437 | vulnerability | RVD#1437: The allocate_elf function in elfutils before 0.168 allows remote attackers to cause a DoS. |
RVD#1436 | vulnerability | RVD#1436: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 |
RVD#1435 | vulnerability | RVD#1435: elflint.c in elfutils 0.168 does not validate the number of sections nor segments allowing a DoS Attack |
RVD#1434 | vulnerability | RVD#1434: A remote code execution vulnerability in libxml2 could allow execution of arbitrary code. |
RVD#1433 | vulnerability | RVD#1433: The http.c skip_short_body() function is called in some circumstances. |
RVD#1432 | vulnerability | RVD#1432: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer |
RVD#1431 | vulnerability | RVD#1431: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack |
RVD#1430 | vulnerability | RVD#1430: Crafted file can lead to a DoS due to a memory allocation failure in elfutils |
RVD#1429 | vulnerability | RVD#1429: Null pointer dereference vulnerability causes TLS/SSL server using NSS to crash. |
RVD#1428 | vulnerability | RVD#1428: The FTP wildcard function in curl and libcurl before 7.57.0 allows DoS |
RVD#1427 | vulnerability | RVD#1427: The malloc function in the GNU C Library 2.2 Could lead to a heap overflow |
RVD#1426 | vulnerability | RVD#1426: A truncated packet can cause that SSL/TLS server or client to perform an out-of-bounds read. |
RVD#1425 | vulnerability | RVD#1425: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete |