- Attackers can remotely execute commands on vulnerable industrial robots without requiring authentication
- Unpatched industrial robots can expose an entire manufacturing network to serious cyberattacks today
- Poor network segmentation could allow compromised workstations to hijack nearby collaborative robots
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system that powers the company’s collaborative robots.
The flaw, identified as CVE-2026-8153, has a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1.
An unauthenticated attacker who can reach the Dashboard Server’s network port can craft commands that run directly on the robot’s underlying operating system.
How the command injection vulnerability actually works
Successful exploitation could completely compromise the robot controller, affecting the confidentiality, integrity and availability of the entire system.
The Dashboard Server accepts user-controlled input and passes it to the operating system without properly neutralizing special command elements, the classic OS command injection pattern.
This weakness allows an attacker to inject arbitrary commands that the robot will execute with full system privileges.
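The pattern described above, as an added illustration that is not Universal Robots’ code and does not reproduce the actual PolyScope defect: a toy text-protocol handler for a hypothetical "load <program>" request builds a shell command from the request argument, and a hardened version of the same handler allowlist-validates the argument and passes it as an argv element with no shell in between. The command name, the `/programs` directory and the `.urp` naming rule are assumptions for the example; `echo` stands in for whatever the real service would launch.

```python
import re
import subprocess

# Assumed for illustration only; not the real service's layout.
PROGRAM_DIR = "/programs"


def vulnerable_load(program_name: str) -> str:
    """Splice untrusted input into a shell string and hand it to /bin/sh.

    Shell metacharacters in program_name (; | && $() backticks) are
    interpreted by the shell, so the caller controls what else runs.
    """
    cmd = f"echo loading {PROGRAM_DIR}/{program_name}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Allowlist: a plain .urp filename, no separators, quotes, spaces or '..'.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.urp")


def hardened_load(program_name: str) -> str:
    """Reject anything outside the allowlist, then run an argv list with no shell.

    Two independent layers: the regex stops separators and path tricks from
    ever reaching a command line, and shell=False means the argument is passed
    to the program verbatim even if the validation were too loose.
    """
    if not SAFE_NAME.fullmatch(program_name):
        raise ValueError(f"rejected program name: {program_name!r}")
    argv = ["echo", "loading", f"{PROGRAM_DIR}/{program_name}"]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


def handle_dashboard_line(line: str, loader) -> str:
    """Parse one 'load <name>' request the way a simple line-based protocol would."""
    parts = line.strip().split(maxsplit=1)
    if len(parts) != 2 or parts[0].lower() != "load":
        return "unknown command"
    try:
        return loader(parts[1])
    except ValueError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    # Constructed sample request: a valid-looking name followed by an injected command.
    payload = "demo.urp; echo INJECTED"
    print("vulnerable:", repr(handle_dashboard_line(f"load {payload}", vulnerable_load)))
    print("hardened:  ", repr(handle_dashboard_line(f"load {payload}", hardened_load)))
    print("hardened, clean input:", repr(handle_dashboard_line("load demo.urp", hardened_load)))
```

In the vulnerable path the second `echo` runs as a separate shell command; in a real service that second command is the attacker’s payload. Note that switching to an argv list alone already removes the shell from the picture, but the allowlist is still worth keeping, because the same argument usually ends up as a file path somewhere downstream.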
The flaw was discovered and reported by Vera Mens of Claroty Team82, who coordinated the disclosure through CISA and CERT/CC’s VINCE platform.
Universal Robots has released a patch in PolyScope 5.25.1, which is available on the company’s support site for all affected customers. A patch only helps once it is installed, and every day an affected robot keeps running an older version is another day the flaw is open to anyone who can reach it.
The company therefore strongly recommends that all users update to version 5.25.1 or later as soon as possible.
Network exposure determines who can reach the flaw
Remote exploitation of this vulnerability requires that the robot’s dashboard server be enabled in the user interface and that the attacker be able to reach its network port.
Universal Robots stated that its products are not designed to be directly reachable from the Internet and that corporate firewalls usually block direct inbound Internet access.
However, robots that are reachable from a local area network may be attacked from within that network.
“The security of your network is essential to the security of your robot,” the company warned in its notice to customers and integrators.
At the time of disclosure, no known public exploits specifically targeting this vulnerability had been reported to CISA.
This vulnerability is serious, and the conditions for exploitation are easy to imagine in real industrial environments.
A compromised workstation on the same factory network could reach a robot’s dashboard server port if proper network segmentation is missing.
A robot under an attacker’s control could then behave unpredictably, since it would be answering to someone other than its owners.
This is unlikely to produce anything like an autonomous robot uprising; it is the familiar pattern of attackers seeking control over whatever systems they can reach.
Still, the rise of collaborative robots working alongside humans makes this threat particularly concerning, because a compromised robot could cause physical harm to nearby personnel.