CVE-2020-10286
15.07.2020, 22:15
The main user account has restricted privileges but is in the sudoers group, and no mechanism is in place to prevent sudo su or sudo -i from being run, which gives unrestricted access to sensitive files and encryption, or allows issuing orders that disrupt robot operation.
Enginsight
Vendor | Product | Version |
---|---|---|
ufactory | xarm_5_lite_firmware | 𝑥 ≤ 1.5.0 |
ufactory | xarm_6_firmware | - |
ufactory | xarm_7_firmware | - |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-656 - Reliance on Security Through Obscurity: The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
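
One way to audit for the condition described in this entry, as an added example that is not part of the original advisory or the vendor's code: it scans sudoers text for rules that let an account reach a root shell. The account name `robot`, the group `sudo` and both sudoers samples are assumptions constructed for illustration.

```python
import re

# Constructed sudoers content; not taken from the xArm firmware image.
WEAK = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%sudo    ALL=(ALL:ALL) ALL
"""
# Hardened variant: the account gets one named command instead of group-wide ALL.
HARDENED = """\
Defaults env_reset
root     ALL=(ALL:ALL) ALL
robot    ALL=(root) NOPASSWD: /usr/bin/systemctl restart robot.service
"""

SHELLS = re.compile(r"(^|/)(su|sh|bash|dash|zsh)$")
RULE = re.compile(r"(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def root_shell_rules(sudoers_text, user, groups):
    """Return the rules that let `user` reach a root shell (sudo su, sudo -i)."""
    principals = {user, "ALL"} | {"%" + g for g in groups}
    findings = []
    for raw in sudoers_text.splitlines():
        # Simplification: '#' starts a comment; includes and aliases are not followed.
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if not m or line.startswith(SKIP) or m.group(1) not in principals:
            continue
        runas, cmds = m.group(2), m.group(3)
        # No Runas spec means root; otherwise take the user list before ':'.
        run_users = ["root"] if runas is None else [
            u.strip() for u in runas.split(":")[0].split(",")]
        if not {"root", "ALL"} & set(run_users):
            continue
        cmds = re.sub(r"\b[A-Z_]+:\s*", "", cmds)  # drop tags such as NOPASSWD:
        for cmd in (c.strip() for c in cmds.split(",")):
            # 'ALL' permits sudo -i / sudo su; a listed shell or su does the same.
            if cmd == "ALL" or (cmd and not cmd.startswith("!")
                                and SHELLS.search(cmd.split()[0])):
                findings.append(line)
                break
    return findings

if __name__ == "__main__":
    print(root_shell_rules(WEAK, "robot", ["sudo"]))
    print(root_shell_rules(HARDENED, "robot", ["sudo"]))
```

A rule such as `ALL, !/bin/su` is still reported, because excluding individual binaries from `ALL` does not stop a root shell from being reached another way.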