Hackers can remotely hijack factory robots through a dangerous Universal Robots software flaw affecting thousands of industrial systems
- Attackers can remotely execute commands on vulnerable industrial robots without requiring authentication
- Outdated factory robots today can expose entire manufacturing networks to devastating cyberattacks
- Poor network segmentation could allow compromised workstations to hijack nearby collaborative robots
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system that powers the company’s collaborative robots.
The flaw, identified as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1.
An unauthenticated attacker who can reach the Dashboard server’s network port can create commands that execute directly on the robot’s underlying operating system.
Command injection vulnerability actually works
This vulnerability could lead to a complete compromise of the robot controller, affecting the confidentiality, integrity and availability of the entire system.
The Dashboard server accepts user-controlled input and passes it to the operating system without properly overriding special control elements.
This oversight allows an attacker to inject arbitrary commands that the robot will execute with full system privileges.
The vulnerability was discovered and reported by Vera Mens of Claroty Team82, who coordinated the disclosure through CISA and CERT/CC’s VINCE platform.
Universal Robots has released a patch in PolyScope 5.25.1, which is available on the company’s support site for all affected customers – but the patch does nothing until someone actually installs it, and every day that passes without an update is another day where attackers must exploit known vulnerabilities.
Therefore, the company strongly recommends every user to update to version 5.25.1 or later as soon as possible.
Network security is the real protection against this exploitation
Remote exploitation of this vulnerability requires that the robot’s Dashboard server be enabled in the user interface and its network port be accessible by the attacker.
Universal Robots said its products are not designed to be accessed directly from the Internet and that direct inbound Internet access is generally prevented by corporate firewalls.
However, bots accessible from a local network may be vulnerable to attacks originating from that network.
“The security of your network is essential to the security of your robot,” the company warns in its notice to customers and integrators.
No known public exploits specifically targeting this vulnerability have been reported to CISA at the time of this disclosure.
This vulnerability is serious and the operating conditions are not difficult to imagine in real industrial environments.
A compromised workstation on the same factory network could easily reach a robot’s dashboard server port if proper network segmentation is lacking.
Their subsequent behavior could be unpredictable, because it is controlled by someone other than its owners.
Therefore, this is unlikely to lead to some sort of autonomous robotics revolution, but will simply represent the preponderance of hackers trying to take control of systems.
The rise of collaborative robots working alongside humans makes this threat particularly concerning, as a compromised robot could cause physical harm to nearby personnel.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
