No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HUfactory Xarm Studio
APPUfactory1.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2020-10285CRITICAL9.8ten sam vendor
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute...
CVE-2020-10286HIGH8.8ten sam vendor
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in ...