Universal Robots has fixed CVE-2026-8153, a critical command injection flaw in the Dashboard Server interface of PolyScope 5 that could allow remote code execution on cobot controllers. Security researchers warned that flat, poorly segmented OT networks could let attackers compromise individual cobots or even an entire fleet. #UniversalRobots #PolyScope5 #CVE-2026-8153 #Claroty #CISA
Keypoints
- Universal Robots patched a critical flaw in PolyScope 5.
- CVE-2026-8153 is an OS command injection issue in the Dashboard Server.
- The vulnerability has a CVSS score of 9.8.
- An unauthenticated attacker could execute commands on the robot OS remotely.
- Poor network segmentation could let attackers affect multiple cobots and peripherals.
Read More: https://www.securityweek.com/critical-vulnerability-exposes-industrial-robot-fleets-to-hacking/