3.0.3.53662

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

vecna

NVD

Published: 2018-10-30

Updated: 2019-10-09

Summary

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.

Vulnerable Configurations

Part	Description	Count
OS	Vecna Vecna VGO Firmware 3.0.3.52164 Vecna VGO Firmware 3.0.3.53662	2
Hardware	Vecna Vecna VGO -	1

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01