"PolyScope 5, an operating system and GUI designed to power and control the company's cobots, is affected by CVE-2026-8153, an OS command injection vulnerability in the Dashboard Server interface."
""The Dashboard Server accepts user-controlled input and passes it to the underlying operating system without proper neutralization of special elements," Universal Robots explained. "An unauthenticated attacker with network access to the Dashboard Server port can craft commands that are executed on the robot's operating system, leading to remote code execution and compromise of the controller with high impact to confidentiality, integrity, and availability.""
"The flaw, rated critical with a CVSS score of 9.8, has been patched in PolyScope 5.25.1."
""Remote exploitation of CVE-2026-8153 requires the robot's Dashboard Server to be enabled in the UI, and its port to be reachable by the attacker. UR robots are not designed to be accessible directly from the Internet, and direct inbound Internet access is typically prevented by the company firewall.""
PolyScope 5, the operating system and GUI for Universal Robots cobots, contains a critical OS command injection vulnerability in the Dashboard Server interface. The issue is identified as CVE-2026-8153 and has a CVSS score of 9.8. The vulnerability allows user-controlled input to be passed to the underlying operating system without proper neutralization of special elements. An unauthenticated attacker with network access to the Dashboard Server port can craft commands that execute on the robot’s operating system, resulting in remote code execution and compromise of the controller. The flaw is patched in PolyScope 5.25.1. Remote exploitation requires the Dashboard Server to be enabled in the UI and the port to be reachable, and robots are typically not intended for direct Internet access.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]