3.0.3.53662

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vecna

NVD

Published: 2018-10-30

Updated: 2019-10-09

Summary

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.

Vulnerable Configurations

Part	Description	Count
OS	Vecna Vecna VGO Firmware 3.0.3.52164 Vecna VGO Firmware 3.0.3.53662	2
Hardware	Vecna Vecna VGO -	1

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01