Vulnerability Management

Critical vulnerability in Universal Robots’ PolyScope OS allows remote command execution

Cellphone with web page of Danish cobot company Universal Robots AS in front of business logo. Focus on top-left of phone display.

A critical command injection vulnerability has been discovered in Universal Robots' PolyScope 5 operating system, which powers the company's collaborative robots. This flaw allows attackers to remotely execute commands on vulnerable industrial robots without requiring authentication, as reported by Tech Radar.

The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.25.1. An unauthenticated attacker can exploit this by crafting commands that execute directly on the robot's operating system via the Dashboard Server network port. This could lead to a complete compromise of the robot controller, impacting confidentiality, integrity, and availability.

While Universal Robots has released a patch in version 5.25.1, users must install it to be protected. Network security and segmentation are crucial, as compromised workstations on the same network could hijack nearby robots if proper segmentation is missing. The company advises that its products are not designed for direct internet access, but local network access could still pose a risk. The exploitation of this vulnerability is concerning due to the potential for physical harm to personnel working alongside compromised robots.

Source: Tech Radar

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds