CVE-2026-8153 · OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1

01 · The Real Story

This is a loaded nail gun left on the shop floor, not a sniper rifle on the public sidewalk

CVE-2026-8153 is an OS command injection bug in the Universal Robots PolyScope 5 Dashboard Server, the text-based remote control interface on TCP 29999. Affected versions are PolyScope 5 releases prior to 5.25.1; if the Dashboard Server is enabled and reachable, an unauthenticated attacker can send crafted input that the controller passes to the underlying robot OS, giving code execution on the controller itself.

The vendor's 9.8 / CRITICAL score is technically fair *if* you model a naked reachable service, but it overstates most enterprise reality. Universal Robots says exploitation requires the Dashboard Server to be enabled and reachable, and its own hardening guidance says new robots and newly created SD cards default security settings to restrictive/disabled from PolyScope 5.17; that turns this from 'internet-grade pre-auth RCE everywhere' into 'high-impact OT controller takeover after a real exposure mistake or internal foothold'.

"Dangerous once reachable, but the real gate is exposure: this is usually an internal OT RCE, not an internet worm."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Find a reachable Dashboard Server

The attacker first needs network path to the robot controller and a live Dashboard Server on TCP 29999. Commodity tools such as nmap or a simple socket probe are enough because the interface is plaintext and designed for remote control.

Conditions required:

Attacker has L3/L4 reachability to the robot controller
Dashboard Server service is enabled
Inbound restrictions or firewall rules permit access to port 29999

Where this breaks in practice:

Universal Robots states robots are not designed for direct internet exposure
From PolyScope 5.17, new robots and newly created SD cards default security settings to restrictive/disabled
Well-segmented cells often require a prior IT-to-OT pivot before this port is reachable

Detection/coverage: OT asset discovery and NDR can usually spot port 29999; generic VM scanners often miss whether the service is enabled versus merely potentially present.

STEP 02

Abuse the text command channel

Once connected, the attacker sends crafted Dashboard input over the raw TCP socket using a trivial client such as netcat or a custom script. Because the vulnerable code path fails to neutralize special shell elements before handing input to the OS, the controller executes attacker-controlled commands without authentication.

Conditions required:

Dashboard protocol access on port 29999
Vulnerable PolyScope version earlier than 5.25.1

Where this breaks in practice:

No reviewed source showed broad public exploitation or a mainstream PoC repo yet
Host/subnet allowlists in PolyScope General settings can block off-segment sources
Some deployments wrap remote access in SSH tunneling or vendor-managed jump paths

Detection/coverage: Protocol-aware OT monitoring is best; otherwise look for unusual TCP sessions to 29999, failed command sequences, and anomalous entries in controller logs such as /var/log/dashboard.log.

STEP 03

Take over the controller

Successful command injection lands code execution on the robot's Linux-based controller, not just in a low-impact app sandbox. That gives the attacker leverage over programs, configuration, motion control workflows, and potentially persistence on a device that often lacks traditional EDR coverage.

Conditions required:

Successful injection payload execution
Controller OS permits the resulting command path

Where this breaks in practice:

Appliance-style controllers are less convenient to weaponize than mainstream servers
Some environments closely supervise controller changes during production windows

Detection/coverage: Controller-side telemetry is usually thin; defenders should expect weaker endpoint visibility than on IT servers.

STEP 04

Translate controller access into operational impact

From the controller, the attacker can stop production, alter robot behavior, manipulate loaded jobs, or pivot toward adjacent OT assets that trust the cell network. In flat manufacturing segments this can become a fleet problem fast, especially where cobots talk to PLCs, MES components, or engineering workstations.

Conditions required:

Robot is operationally important
Adjacent OT paths or trusted integrations exist

Where this breaks in practice:

Blast radius depends on local segmentation and what the robot is actually connected to
Each additional pivot still needs permissive routing and weak trust boundaries

Detection/coverage: Look for east-west OT traffic changes, unexpected program loads/stops, safety status anomalies, and controller-originated connections that do not match normal engineering workflows.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No reviewed authoritative source showed confirmed public exploitation. Universal Robots says no known public exploitation was reported to CISA at publication time.
PoC availability	I did not find a credible public exploit repository in reviewed sources. That said, the exposed interface is a plain TCP command service, so exploit development friction is low once protocol access exists.
EPSS	`0.01532` (~`1.532%`) from the provided intel; a reviewed third-party EPSS view reports 81.5th percentile, which is non-trivial but nowhere near 'drop everything' internet-worm territory.
KEV status	Not listed in the CISA KEV catalog as of 2026-05-30.
CVSS vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` models the service as reachable and unauthenticated. That is technically correct, but it does not capture the real-world requirement that the Dashboard Server be enabled and exposed to the attacker.
Affected range	Universal Robots states PolyScope 5 versions prior to `5.25.1` are affected.
Fixed version	Upgrade to PolyScope `5.25.1` or newer. This is an appliance-style vendor upgrade; I found no distro backport channel to rely on.
Exposure reality	Universal Robots says robots are not designed for direct internet exposure, and exploitation needs Dashboard Server enabled plus reachability to TCP `29999`. The vendor handbook also says all services are disabled by default and that, since PolyScope `5.17`, new robots/new SD cards default security settings to restrictive/disabled.
Disclosure timeline	User-provided disclosure date is 2026-05-08; public downstream coverage and vendor/CISA discussion appeared in the following week, including media reporting on 2026-05-19 and 2026-05-20.
Researcher	Reported by Vera Mens of Claroty Team82, with coordination through CISA and CERT/CC VINCE per reviewed reporting.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to HIGH (8.3/10)

The decisive downgrade factor is attacker position: most real exploit paths require an internal OT foothold or an exposure mistake because the vulnerable service must be both enabled and reachable. It stays HIGH because once that gate is cleared, this is unauthenticated controller-level code execution on a cyber-physical asset with direct safety and uptime consequences.

HIGH Affected version range and fixed version

HIGH Exposure prerequisites: service must be enabled and reachable

MEDIUM Enterprise-wide exposure prevalence across real UR deployments

Why this verdict

Down from vendor 9.8 for attacker position: this is usually *not* an internet-reachable edge service; it typically requires internal-network access to an OT cell or a specific exposure mistake.
Further down for configuration gating: the Dashboard Server must be enabled, and Universal Robots documents that services are disabled by default; since PolyScope 5.17, new robots/new SD cards also default security settings to restrictive/disabled.
Held at HIGH for impact amplification: unauthenticated code execution on a robot controller is not just 'another Linux box'—it can halt production, alter robot behavior, and become a pivot point inside flat OT networks.

Why not higher?

I am not keeping this at CRITICAL because the reachable population is materially narrower than the CVSS label implies. No KEV listing, no confirmed public exploitation in reviewed authoritative sources, and a non-default service exposure requirement all apply downward pressure.

Why not lower?

I am not dropping this to MEDIUM because the exploit chain has no authentication step once the port is reachable, and the technical complexity is low. The consequence is controller compromise on a cyber-physical asset, which means the business impact can jump from one host to a production-line incident very quickly.

05 · Compensating Control

What to do — in priority order.

Disable Dashboard Server where unused — This is the cleanest risk kill-switch because the exploit path dies before packet one. Review each robot/application pair and disable the service on the PolyScope Services screen wherever remote dashboard control is not operationally required; for a HIGH verdict, deploy this within 30 days if patching cannot happen first.
Restrict inbound access to trusted hosts and subnets — Use PolyScope General security settings plus upstream firewall rules to allow only the specific engineering stations, PLCs, or management hosts that truly need dashboard access. This directly attacks the main real-world prerequisite—network reachability—and should be in place within 30 days.
Segment robot cells from enterprise IT — Treat robot controllers as OT crown jewels, not generic embedded nodes. Put them behind industrial firewalls or tightly filtered conduits, block workstation-to-cell east-west sprawl, and require controlled jump paths; for this HIGH issue, tighten segmentation within 30 days.
Monitor TCP 29999 and dashboard activity — Even if you cannot patch immediately, you can make the service noisy. Alert on new sources reaching port 29999, unusual command bursts, controller log anomalies, and any robot-originated lateral movement; stand this up within 30 days.
Upgrade to PolyScope 5.25.1 or newer — This is the actual fix and removes the vulnerable code path rather than just constraining access to it. Schedule the appliance-style controller upgrade and complete it within 180 days for a HIGH verdict, validating application compatibility and cell safety after change.

What doesn't work

Blocking the port *without disabling the service* is weaker than it looks, because the vendor handbook states an enabled service can take precedence over general port blocking.
MFA does not help here because the vulnerable interface is unauthenticated plaintext TCP, not an interactive login flow.
Treating this as a generic IT vuln-scan exception misses the real issue; exposure and service state matter more than a scanner banner alone.

06 · Verification

Crowdsourced verification payload.

Run this from a trusted auditor workstation that can reach the robot controller over the network; invoke it as bash ur_polyscope_check.sh 192.168.3.3. It needs no credentials and no root, but it does require that the Dashboard Server be enabled and reachable on TCP 29999; otherwise the script will return UNKNOWN.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# ur_polyscope_check.sh
# Safe version check for Universal Robots PolyScope via Dashboard Server (TCP 29999)
# Outputs: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN, 3=usage/runtime error

set -u

FIXED_VERSION="5.25.1"
HOST="${1:-}"
PORT="29999"
TIMEOUT_BIN="$(command -v timeout || true)"

usage() {
  echo "Usage: $0 <robot-ip-or-hostname>"
  exit 3
}

if [[ -z "$HOST" ]]; then
  usage
fi

if [[ -z "$TIMEOUT_BIN" ]]; then
  echo "UNKNOWN - 'timeout' utility not found on this system"
  exit 2
fi

ver_lt() {
  # returns 0 if $1 < $2
  local a b IFS=.
  read -r -a a <<< "$1"
  read -r -a b <<< "$2"
  local len=${#a[@]}
  if (( ${#b[@]} > len )); then len=${#b[@]}; fi
  for ((i=0; i<len; i++)); do
    local ai=${a[i]:-0}
    local bi=${b[i]:-0}
    ((10#$ai < 10#$bi)) && return 0
    ((10#$ai > 10#$bi)) && return 1
  done
  return 1
}

query_dashboard() {
  "$TIMEOUT_BIN" 5 bash -c '
    host="$1"
    port="$2"
    exec 3<>/dev/tcp/${host}/${port} || exit 10
    # Read banner if present; do not fail if absent
    IFS= read -r banner <&3 || true
    printf "PolyscopeVersion\nquit\n" >&3
    IFS= read -r line1 <&3 || true
    IFS= read -r line2 <&3 || true
    printf "%s\n%s\n%s\n" "$banner" "$line1" "$line2"
  ' _ "$1" "$2" 2>/dev/null
}

RESP="$(query_dashboard "$HOST" "$PORT")" || {
  echo "UNKNOWN - dashboard server unreachable, disabled, or blocked on ${HOST}:${PORT}"
  exit 2
}

VERSION="$(printf '%s\n' "$RESP" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n1 || true)"

if [[ -z "$VERSION" ]]; then
  echo "UNKNOWN - could not parse PolyScope version from dashboard response"
  exit 2
fi

if ver_lt "$VERSION" "$FIXED_VERSION"; then
  echo "VULNERABLE - PolyScope ${VERSION} is older than fixed version ${FIXED_VERSION}"
  exit 1
else
  echo "PATCHED - PolyScope ${VERSION} is at or above fixed version ${FIXED_VERSION}"
  exit 0
fi

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, identify every Universal Robots controller that can be reached on TCP 29999, then immediately disable Dashboard Server anywhere it is not required and tighten host/subnet allowlists anywhere it is. For this HIGH reassessment, the noisgate mitigation SLA is within 30 days for those exposure controls, and the noisgate remediation SLA is within 180 days to move every affected controller to PolyScope 5.25.1 or newer after validating cell compatibility and safety behavior.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.