
Critical Vulnerability Exposes Industrial Robotic Fleets to Hacking

Universal Robots, a Danish firm specializing in collaborative industrial robots, or cobots, has patched a critical vulnerability affecting one of its operating systems.

Advisories published last week by the cybersecurity agency CISA and Universal Robots revealed that PolyScope 5, an operating system and GUI designed to power and control the company's cobots, is affected by CVE-2026-8153, an OS command injection vulnerability in the Dashboard Server interface.

The flaw, rated critical with a CVSS score of 9.8, has been patched in PolyScope 5.25.1.

“The Dashboard Server accepts user-controlled input and passes it to the underlying operating system without proper neutralization of special elements,” Universal Robots explained. “An unauthenticated attacker with network access to the Dashboard Server port can craft commands that are executed on the robot’s operating system, leading to remote code execution and compromise of the controller with high impact to confidentiality, integrity, and availability.”
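
The weakness the vendor describes is the classic command-injection pattern: a network client's line is spliced into a shell command string. The example below is added here to illustrate that pattern beside a hardened handler; it is not Universal Robots' code and says nothing about how the real Dashboard Server is implemented. The command names (`load`, `play`, `stop`, `pause`), the `.urp` argument grammar and the helper program are hypothetical stand-ins chosen for the demo.

```python
import re
import shlex
import subprocess
import sys

# Constructed stand-in for the robot-side program a command interface would
# invoke. It only prints its arguments, so the demo runs anywhere without a
# real controller. Not Universal Robots code.
HELPER_ARGV = [sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"]


def vulnerable_build(line: str) -> str:
    """The anti-pattern the advisory describes: the client's raw line is pasted
    into a shell command string. Under shell=True, characters such as ';' or
    '|' in that line become command separators, so whoever can reach the port
    decides what else the shell runs. Returned as a string only, never executed."""
    return shlex.join(HELPER_ARGV) + " " + line


# Hypothetical allowlist: command name -> number of arguments it takes.
ALLOWED_COMMANDS = {"load": 1, "play": 0, "stop": 0, "pause": 0}
# Hypothetical argument grammar: a bare program file name with no path
# separators and no shell metacharacters.
PROGRAM_NAME = re.compile(r"^[A-Za-z0-9_.-]+\.urp$")


def hardened_parse(line: str) -> list:
    """Parse one client line into an argv list, refusing anything outside the
    allowlist. No shell is involved, so metacharacters carry no meaning."""
    parts = line.strip().split()
    if not parts:
        raise ValueError("empty command")
    cmd, args = parts[0], parts[1:]
    if cmd not in ALLOWED_COMMANDS:
        raise ValueError(f"unknown command: {cmd!r}")
    if len(args) != ALLOWED_COMMANDS[cmd]:
        raise ValueError(f"{cmd} takes {ALLOWED_COMMANDS[cmd]} argument(s)")
    for arg in args:
        if not PROGRAM_NAME.fullmatch(arg):
            raise ValueError(f"invalid program name: {arg!r}")
    return HELPER_ARGV + [cmd, *args]


def run_hardened(line: str) -> str:
    """Execute the validated argv directly (no shell) and return its stdout."""
    argv = hardened_parse(line)
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    print("shell string the vulnerable handler would run:")
    print("  ", vulnerable_build("load prog.urp; reboot"))
    print("hardened result:", run_hardened("load prog.urp").strip())
    for bad in ("load prog.urp; reboot", "load ../other.urp", "reboot"):
        try:
            hardened_parse(bad)
        except ValueError as exc:
            print("rejected", repr(bad), "->", exc)
```

The hardened version never hands a string to a shell: it tokenises the line itself, checks the verb against a fixed table, checks the argument count, and checks each argument against a narrow grammar before building an argv list. That removes the whole class of special-character neutralization problems the advisory refers to, rather than trying to escape them one by one. Authentication on the port is a separate control the vendor's description of an "unauthenticated attacker" also points at; this example does not address it.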

The vendor noted in its advisory that “Remote exploitation of CVE-2026-8153 requires the robot’s Dashboard Server to be enabled in the UI, and its port to be reachable by the attacker. UR robots are not designed to be accessible directly from the Internet, and direct inbound Internet access is typically prevented by the company firewall.”


However, Vera Mens, the Claroty security researcher credited with discovering and reporting CVE-2026-8153, noted that while many industrial robots lack a remote management interface, cobots made by Universal Robots have a control box with an Ethernet port that can be used on demand.

“Customers may use this option to send information to a central management unit, to use legacy field protocols such as MODBUS and EtherNet/IP to control other OT equipment, or to control the cobot remotely,” Mens told information.killnetswitch. “Although these networks are not publicly exposed, they are often flat and lack proper segmentation; therefore, gaining an initial foothold is not difficult.”

In a flat, unsegmented network, an attacker could exploit the vulnerability to compromise multiple cobots.

“The control box powering the cobot’s application layer is a general-purpose Linux computer connected via Ethernet and serial ports to a variety of other equipment. The least severe outcome is full control of a single cobot (which can pose hazards to people), but the impact can escalate to compromise of an entire fleet of cobots and their peripherals,” Mens warned.
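
Mens's point about flat networks translates into two things an operator can watch for: Dashboard Server connections from hosts that are not supposed to manage robots, and one source touching many controllers' Dashboard ports in quick succession, which is what a fleet-wide compromise would look like on the wire. The example below is added here and is not from the article, Claroty or Universal Robots. It runs that detection over constructed flow records; the controller addresses, the engineering subnet and the record format are assumptions, and the port constant is the value UR documents for the Dashboard Server rather than something the article states.

```python
import ipaddress
from collections import defaultdict

# Assumed TCP port of the Dashboard Server (UR documents 29999; the article
# names no port). Adjust to what your controllers actually expose.
DASHBOARD_PORT = 29999
# Constructed inventory of cobot controllers on the plant network.
CONTROLLERS = {"10.20.1.21", "10.20.1.22", "10.20.1.23"}
# Constructed policy: only the engineering subnet may reach the Dashboard Server.
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.5.0/24")]

# Constructed flow records, "<timestamp> <src> -> <dst>:<port>", in the shape a
# firewall or NetFlow export might produce. 10.20.7.40 plays a workstation on
# the flat plant network that has no business talking to the Dashboard port.
SAMPLE_FLOWS = """\
2025-01-09T08:00:01Z 10.10.5.12 -> 10.20.1.21:29999
2025-01-09T08:00:05Z 10.10.5.12 -> 10.20.1.22:29999
2025-01-09T08:01:10Z 10.20.7.40 -> 10.20.1.21:29999
2025-01-09T08:01:11Z 10.20.7.40 -> 10.20.1.22:29999
2025-01-09T08:01:12Z 10.20.7.40 -> 10.20.1.23:29999
2025-01-09T08:02:00Z 10.20.7.40 -> 10.20.1.21:502
"""


def parse_flow(line: str):
    """Split one flow record into (timestamp, src, dst_ip, dst_port)."""
    ts, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected record: {line!r}")
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src, dst_ip, int(dst_port)


def analyze_flows(flows_text: str, controllers=CONTROLLERS,
                  allowed_sources=ALLOWED_SOURCES, sweep_threshold: int = 3) -> dict:
    """Flag Dashboard Server connections from non-allowlisted sources, and any
    source that reaches the Dashboard port on sweep_threshold or more distinct
    controllers (a fleet-wide pattern). Other ports, e.g. Modbus/502, are
    ignored here; they would need their own policy."""
    unexpected = []
    targets_by_source = defaultdict(set)
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, dst_port = parse_flow(line)
        if dst_ip not in controllers or dst_port != DASHBOARD_PORT:
            continue
        targets_by_source[src].add(dst_ip)
        if not any(ipaddress.ip_address(src) in net for net in allowed_sources):
            unexpected.append({"time": ts, "src": src, "controller": dst_ip})
    sweeps = sorted(src for src, hit in targets_by_source.items()
                    if len(hit) >= sweep_threshold)
    return {"unexpected_source": unexpected, "fleet_sweep": sweeps}


if __name__ == "__main__":
    findings = analyze_flows(SAMPLE_FLOWS)
    for f in findings["unexpected_source"]:
        print(f"{f['time']} unexpected Dashboard connection {f['src']} -> {f['controller']}")
    for src in findings["fleet_sweep"]:
        print(f"{src} reached the Dashboard port on {len(CONTROLLERS)} controllers")
```

The same allowlist that drives the detection is the segmentation rule the firewall between the engineering and plant zones should enforce; running the check against exported flows is a cheap way to find out whether that rule actually exists. The sweep threshold is deliberately low because legitimate management traffic normally comes from a small, known set of hosts.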
