How severe is CVE-2020-10266?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-10266?

This is classified as CWE-353, which is a common weakness in software security.

CVE-2020-10266 - HIGH Severity | CVSS 8.8

Vulnerability Description

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.

Related Vulnerabilities

CVE-2019-19160

HIGH

CVSS:8.8(High)

Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).

CWE-3532019

CVE-2020-7810

HIGH

CVSS:8.8(High)

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of ...

CWE-3532020

CVE-2021-26610

HIGH

CVSS:8.8(High)

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary c...

CWE-3532021

CVE-2019-11480

HIGH

CVSS:8.1(High)

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is abl...

CWE-3532019

CVE-2021-28545

HIGH

CVSS:8.1(High)

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker ...

CWE-3532021

CVE-2020-7878

CRITICAL

CVSS:9.8(Critical)

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.

CWE-3532020