CVE-2018-10633

9.8 CRITICAL

📋 TL;DR

Universal Robots industrial robot controllers contain hard-coded credentials that allow attackers to reset controller passwords. This affects Universal Robots Robot Controllers CB 3.1 with software version 3.4.5-100, potentially compromising industrial automation systems.

💻 Affected Systems

Products:
  • Universal Robots Robot Controllers CB 3.1
Versions: SW Version 3.4.5-100
Operating Systems: Robot controller firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with this specific software version are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete takeover of industrial robot controllers leading to physical damage, production disruption, or safety hazards in manufacturing environments.

🟠 Likely Case

Unauthorized access to robot controllers allowing configuration changes, program manipulation, or data theft from industrial networks.

🟢 If Mitigated

Limited impact if controllers are isolated in air-gapped networks with strict access controls and monitoring.

🌐 Internet-Facing: HIGH if controllers are exposed to internet, as exploitation requires no authentication.
🏢 Internal Only: HIGH due to hard-coded credentials that can be exploited by any internal attacker with network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward using known hard-coded credentials documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 3.4.5-100

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01

Restart Required: Yes

Instructions:

1. Contact Universal Robots support for updated firmware.
2. Back up the current configuration.
3. Apply the firmware update following vendor instructions.
4. Restart the controller.
5. Verify that new credentials are in use.

🔧 Temporary Workarounds

Network segmentation (applies to: all)

Isolate robot controllers in separate VLANs with strict firewall rules.

Access control lists (applies to: all)

Implement IP-based access restrictions to controller management interfaces.

🧯 If You Can't Patch

  • Physically isolate controllers from all networks except required control systems
  • Implement continuous monitoring for unauthorized access attempts to controller interfaces

🔍 How to Verify

Check if Vulnerable:

Check the controller software version via the web interface or UR software. If the version is exactly 3.4.5-100, the system is vulnerable.

Check Version:

Check via the Universal Robots PolyScope interface or the controller web interface.

Verify Fix Applied:

Verify software version is updated beyond 3.4.5-100 and test that hard-coded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful logins
  • Password reset events on controller

Network Indicators:

  • Unexpected connections to controller management ports (80/443)
  • Traffic patterns matching credential brute-forcing

SIEM Query:

source="robot_controller" AND (event="password_reset" OR (auth_failed AND auth_success))
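The SIEM query above is pseudo-syntax. As an added example (not part of the original page, and not vendor or controller code), the same two log indicators can be implemented as a small correlation routine: it flags every password-reset event, and flags a client that records a burst of failed authentications and then succeeds within a short window, which is the pattern that unauthenticated credential abuse leaves behind. The JSON-lines log format, the field names (ts, client, event) and the sample records are all constructed assumptions; adapt the parser to whatever your controller or syslog collector actually emits.

```python
"""Correlate controller auth logs for the indicators listed above.
Added example; the log format and field names are assumptions."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (JSON per line). Not from any real controller;
# clients 10.0.5.20 / 10.0.5.21 / 10.0.5.22 are placeholders.
SAMPLE_LOGS = """
{"ts": "2018-07-10T10:00:00", "client": "10.0.5.20", "event": "auth_failed"}
{"ts": "2018-07-10T10:00:10", "client": "10.0.5.20", "event": "auth_failed"}
{"ts": "2018-07-10T10:00:20", "client": "10.0.5.20", "event": "auth_failed"}
{"ts": "2018-07-10T10:00:30", "client": "10.0.5.20", "event": "auth_success"}
{"ts": "2018-07-10T10:01:00", "client": "10.0.5.20", "event": "password_reset"}
{"ts": "2018-07-10T10:05:00", "client": "10.0.5.21", "event": "auth_failed"}
{"ts": "2018-07-10T10:05:30", "client": "10.0.5.21", "event": "auth_success"}
{"ts": "2018-07-10T10:30:00", "client": "10.0.5.22", "event": "auth_success"}
""".strip().splitlines()


def parse_line(line):
    """Parse one JSON log line into (timestamp, client, event)."""
    rec = json.loads(line)
    return datetime.fromisoformat(rec["ts"]), rec["client"], rec["event"]


def detect(lines, window=timedelta(minutes=5), fail_threshold=3):
    """Return a list of alert dicts, in log order:
    - 'password_reset' for every password_reset event (always worth review on a
      controller that should only be reset by an administrator);
    - 'failed_then_success' when one client logs at least fail_threshold failed
      authentications inside `window` and then authenticates successfully.
    """
    alerts = []
    recent_failures = defaultdict(deque)  # client -> timestamps of recent failures
    for line in lines:
        ts, client, event = parse_line(line)
        if event == "password_reset":
            alerts.append({"type": "password_reset", "client": client, "ts": ts.isoformat()})
            continue
        fails = recent_failures[client]
        # Forget failures that have aged out of the correlation window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if event == "auth_failed":
            fails.append(ts)
        elif event == "auth_success":
            if len(fails) >= fail_threshold:
                alerts.append({
                    "type": "failed_then_success",
                    "client": client,
                    "ts": ts.isoformat(),
                    "failures": len(fails),
                })
            # A success ends the burst either way; start counting afresh.
            fails.clear()
    return alerts


def alert_types(lines, **kwargs):
    """Convenience view: just the alert types, in order."""
    return [a["type"] for a in detect(lines, **kwargs)]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

With the defaults, the sample produces two alerts: the three-failure burst from 10.0.5.20 followed by its success, and the password reset that follows it. The single failure from 10.0.5.21 stays below the threshold and is not reported; lowering fail_threshold to 1 would surface it as well, at the cost of noise from ordinary typos.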
