Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
AnalysisAI
Remote unauthenticated command injection in Universal Robots PolyScope Dashboard Server (versions <5.21.1) allows attackers to execute arbitrary OS commands on industrial robot controllers via network-crafted requests. With CVSS 9.8 (critical severity) and complete absence of authentication barriers, this vulnerability enables full robot controller compromise from remote network positions. No authentication, user interaction, or attack complexity required - exploitation is straightforward against default configurations exposing the Dashboard Server interface.
Technical ContextAI
PolyScope is Universal Robots' controller software for CB-series and e-Series collaborative robot arms, providing programming interface and network communications. The Dashboard Server is a TCP socket interface (typically port 29999) used for remote monitoring and control commands. CWE-78 (OS Command Injection) indicates insufficient input validation/sanitization of commands sent to the Dashboard Server, allowing shell metacharacters or command separators to break out of intended command contexts and execute arbitrary system commands. The underlying Linux-based robot controller OS executes these injected commands with the privileges of the Dashboard Server process, likely root or equivalent system-level access given the controller's operational requirements.
RemediationAI
Upgrade Universal Robots PolyScope to version 5.21.1 or later, which addresses the command injection vulnerability per the version boundary stated in the CVE description. Contact Universal Robots support or consult https://www.universal-robots.com/developer/communication-protocol/dashboard-server/ for specific patch installation procedures and compatibility validation with deployed robot hardware models. If immediate patching is not operationally feasible, implement network-level compensating controls: (1) Block external access to Dashboard Server port 29999 via firewall rules, restricting connectivity to dedicated HMI/SCADA systems on isolated OT network segments only - trade-off is loss of remote monitoring/control from IT network; (2) Deploy application-layer gateway or protocol proxy that validates Dashboard Server commands against whitelist of known-safe command syntax before forwarding to robot controller - requires deep protocol knowledge and introduces single point of failure; (3) Enable any authentication mechanisms available in PolyScope safety/access control settings if supported in your robot series - verify in controller documentation as not all models support authentication on Dashboard Server. Network segmentation is most reliable immediate control but does not eliminate risk from threats already inside OT network perimeter.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28548
GHSA-pprv-j56w-x96f