Universal Robots PolyScope Dashboard Server versions prior to 5.21.1
Summary
This is an unauthenticated OS command injection vulnerability in the PolyScope dashboard server interface for industrial robots. Attackers can craft malicious commands that execute arbitrary code on the robot's operating system without prior authentication. Successful exploitation allows full compromise of the robot controller and potential access to industrial control networks.
Remediation
Update Universal Robots PolyScope to version 5.21.1 or the latest available version as soon as possible. Restrict network access to the PolyScope dashboard interface to trusted administrative IP ranges only. Monitor for unauthorized access attempts to the dashboard interface so that exploitation attempts are caught early.
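The restriction and monitoring steps above can be checked together against connection logs. The following is an added example, not code from Universal Robots or from this advisory: it flags connections to the dashboard port from sources outside an administrative allowlist. The port value 29999 (the Dashboard Server default in Universal Robots documentation, not stated on this page), the allowlist ranges, the log format and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: Dashboard Server default TCP port per Universal Robots documentation.
DASHBOARD_PORT = 29999
# Hypothetical trusted administrative ranges; replace with your own.
ADMIN_RANGES = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "192.168.50.5/32")]

# Constructed log format: "<ts> <action> TCP <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
    r"(?P<src>[0-9.]+):\d+ -> (?P<dst>[0-9.]+):(?P<dport>\d+)$"
)

# Constructed sample input, not captured traffic.
SAMPLE_LOG = """\
2025-01-10T08:15:02Z ACCEPT TCP 10.20.0.5:51544 -> 192.168.50.10:29999
2025-01-10T08:15:40Z ACCEPT TCP 10.30.7.91:40112 -> 192.168.50.10:29999
2025-01-10T08:15:41Z DROP TCP 10.30.7.91:40113 -> 192.168.50.11:29999
2025-01-10T08:16:03Z ACCEPT TCP 10.30.7.91:40200 -> 192.168.50.10:502
2025-01-10T08:16:09Z ACCEPT TCP 192.168.50.5:39000 -> 192.168.50.11:29999
garbled line that should be skipped
"""

def is_trusted(src):
    return any(src in net for net in ADMIN_RANGES)

def find_untrusted_dashboard_access(log_text, port=DASHBOARD_PORT):
    """Return (findings, per-source counts) for dashboard connections from outside ADMIN_RANGES."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # unparseable line or a different service
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # matched the pattern but is not a valid address
        if is_trusted(src):
            continue
        # An ACCEPT from an untrusted source means the network restriction is missing or bypassed.
        severity = "high" if m["action"] == "ACCEPT" else "info"
        findings.append((m["ts"], str(src), m["dst"], m["action"], severity))
        counts[str(src)] += 1
    return findings, counts

if __name__ == "__main__":
    findings, counts = find_untrusted_dashboard_access(SAMPLE_LOG)
    for finding in findings:
        print(*finding)
    print(dict(counts))
```

An accepted connection from outside the allowlist is the finding to act on first, since it shows the dashboard interface is reachable from an untrusted segment; dropped connections indicate the restriction is working but the source is still worth identifying.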