Critical Security Flaw Leaves Industrial Robots Vulnerable to Hacking
Industrial Robot Fleet Operators Face Critical Vulnerability Risk
A recently disclosed critical vulnerability, designated as CVE-2026-8153, affects the PolyScope 5 operating system used by Universal Robots’ collaborative robots, or cobots. This flaw allows an unauthenticated attacker to inject malicious commands into the Dashboard Server interface, potentially leading to remote code execution and control over the robot’s operating system.
Vulnerability Details
- The vulnerability has a CVSS score of 9.8, which falls in the critical severity range.
- The vulnerability was discovered by security researcher Vera Mens and reported to Universal Robots.
- Universal Robots has released a patch for the vulnerable version of PolyScope 5.
- Users are advised to update their software to the latest version to ensure they have the necessary security fixes in place.
Mens warned that although these networks are generally not publicly exposed, they are often flat and lack proper segmentation, making it relatively easy for an attacker to gain an initial foothold. An attacker could then exploit the vulnerability to compromise one or more cobots, which may pose hazards to humans, or even lead to the compromise of an entire fleet of cobots and their peripherals.
Recommendations for Industrial Robot Operators
- Regularly update software to ensure you have the latest security patches.
- Implement robust security measures to prevent exploitation of vulnerabilities like this one.
- Prioritize securing your industrial control systems to mitigate the risks associated with these types of vulnerabilities.
