CVEs-PoC/2020/CVE-2020-10290.md

### [CVE-2020-10290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10290)
![](https://img.shields.io/static/v1?label=Product&message=URx&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20(Execution%20with%20Unnecessary%20Privileges)&color=brighgreen)

### Description

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could 'cook' a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system

### POC

#### Reference
- https://github.com/aliasrobotics/RVD/issues/1495

#### Github
No PoCs found on GitHub currently.