A critical command injection vulnerability has been discovered in Universal Robots' PolyScope 5 operating system, which powers the company's collaborative robots. This flaw allows attackers to remotely execute commands on vulnerable industrial robots without requiring authentication, as reported by Tech Radar.The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.25.1. An unauthenticated attacker can exploit this by crafting commands that execute directly on the robot's operating system via the Dashboard Server network port. This could lead to a complete compromise of the robot controller, impacting confidentiality, integrity, and availability.While Universal Robots has released a patch in version 5.25.1, users must install it to be protected. Network security and segmentation are crucial, as compromised workstations on the same network could hijack nearby robots if proper segmentation is missing. The company advises that its products are not designed for direct internet access, but local network access could still pose a risk. The exploitation of this vulnerability is concerning due to the potential for physical harm to personnel working alongside compromised robots.Source: Tech Radar
Vulnerability Management
Critical vulnerability in Universal Robots’ PolyScope OS allows remote command execution

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



