critical threat

Universal Robots Polyscope 5 Unauthenticated Remote Code Execution

Universal Robots Polyscope 5 versions prior to 5.25.1 contain a vulnerability, CVE-2026-8153, that could allow an unauthenticated attacker to craft commands that execute code on the robot's OS, leading to full system compromise.

Universal Robots Polyscope 5 contains an OS command injection vulnerability (CVE-2026-8153) in the Dashboard Server interface. The flaw allows an unauthenticated attacker to inject arbitrary commands into the robot's operating system. It affects Polyscope 5 versions prior to 5.25.1. Successful exploitation could lead to complete compromise of the robot's operating system, potentially enabling attackers to disrupt critical manufacturing processes, steal sensitive data, or use the robot as a pivot point for further attacks within the network. This vulnerability was reported to CISA by Vera Mens of Claroty Team82.

Attack Chain

  1. An unauthenticated attacker identifies a vulnerable Universal Robots Polyscope 5 instance running a version prior to 5.25.1.
  2. The attacker sends a specially crafted HTTP request to the Dashboard Server interface.
  3. This HTTP request contains malicious OS commands injected into a parameter processed by the Dashboard Server.
  4. The Dashboard Server fails to properly sanitize or neutralize special elements within the injected command.
  5. The vulnerable software executes the injected OS command on the robot’s operating system.
  6. The attacker gains arbitrary code execution on the robot’s system with the privileges of the affected service.
  7. The attacker could potentially escalate privileges to gain root access.
  8. The attacker can then install malware, steal sensitive information, or manipulate the robot’s operations, causing disruption or damage.

Impact

Successful exploitation of CVE-2026-8153 allows an unauthenticated attacker to execute arbitrary code on the Universal Robots Polyscope 5, potentially leading to full system compromise. This can result in disruption of critical manufacturing processes, theft of proprietary information, or the robot being used as an entry point to compromise other systems on the network. The affected robots are deployed worldwide in Critical Manufacturing sectors.

Recommendation

Detection coverage (2 rules)

Detect CVE-2026-8153 Exploitation Attempt via Malicious URI

Severity: high

Detects CVE-2026-8153 exploitation attempt — HTTP request to the Dashboard Server interface containing shell metacharacters indicating command injection attempt.

Rule format: sigma | tactics: initial_access | techniques: T1190 | sources: webserver

Detect CVE-2026-8153 Exploitation Attempt via Specific User Agent

Severity: high

Detects CVE-2026-8153 exploitation attempt — HTTP request to the Dashboard Server interface containing shell metacharacters and a specific User-Agent associated with exploit tools.

Rule format: sigma | tactics: initial_access | techniques: T1190 | sources: webserver
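The URI-based detection described above can be prototyped against web server access logs as follows. This is an added example, not the platform's Sigma rule; the path prefix `/dashboard-placeholder`, the parameter name `p`, and the log lines are constructed placeholders, because the page does not give the real Dashboard Server URI or parameter.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: placeholder path; the page does not state the real Dashboard Server URI.
DASHBOARD_PREFIX = "/dashboard-placeholder"
# Shell metacharacters that should not appear in a decoded parameter value.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded ';' (%253B) is still caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return decoded parameter values that contain shell metacharacters."""
    parts = urlsplit(target)
    if not parts.path.startswith(DASHBOARD_PREFIX):
        return []
    hits = []
    for pair in parts.query.split("&"):  # split on raw '&' before decoding
        _, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if SHELL_META.search(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, hits) for each log line matching the detection."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_params(m.group("target")) if m else []
        if hits:
            findings.append((n, hits))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /dashboard-placeholder?p=status HTTP/1.1" 200 12',
    '192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] "GET /dashboard-placeholder?p=status%3Bid HTTP/1.1" 200 12',
    '192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] "GET /dashboard-placeholder?p=x%2560id%2560 HTTP/1.1" 200 12',
    '192.0.2.13 - - [01/Jan/2026:10:00:12 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Splitting the query on the raw `&` before decoding keeps a legitimate parameter separator from being flagged, while an encoded `%26` inside a value still is.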
