Universal Robots flaw exposes industrial machines to remote hijacking
Critical flaw in Universal Robots software could let attackers remotely hijack industrial robots and disrupt factory operations.
A critical security flaw has been uncovered in the operating system used by Universal Robots’ collaborative robots, raising concerns about the safety of industrial systems connected to corporate networks. The vulnerability affects PolyScope 5, the software platform that controls the company’s robotic arms, widely used in manufacturing and logistics environments.
Tracked as CVE-2026-8153, the flaw has a CVSS severity rating of 9.8, placing it among the most dangerous software vulnerabilities. According to the advisory, all versions of PolyScope 5 released before 5.25.1 are affected.
The issue allows an attacker to remotely inject commands into the robot controller without authentication, provided the attacker can reach the Dashboard Server network port. Security researchers warned that successful exploitation could grant complete control over the robot’s underlying operating system.
The vulnerability was identified by Vera Mens of Claroty Team82, who coordinated disclosure efforts through the US Cybersecurity and Infrastructure Security Agency and CERT Coordination Centre’s VINCE platform. Universal Robots has since released an updated version of PolyScope intended to close the security gap.
How the vulnerability allows remote control
Researchers explained that the weakness stems from the way the Dashboard Server processes user input. The service reportedly passes commands directly to the robot’s operating system without sufficiently filtering special command characters or malicious instructions.
This failure to sanitise user-controlled input is what security professionals describe as a command injection vulnerability. In practice, it means a remote attacker could send specially crafted commands that the robot executes with full system privileges.
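As an added illustration of the sanitisation gap described above (this is not code from Universal Robots or from the advisory), the following Python sketch shows the defensive pattern a dashboard-style command service should follow: map each incoming text command onto a fixed allowlist of verbs, reject arguments containing shell metacharacters, and execute the result as an argv list rather than through a shell. The verb table, argument pattern and binary paths are constructed assumptions, not the real PolyScope command set.

```python
import re
import subprocess

# Constructed allowlist: each verb maps to a fixed argv template. Entries in
# braces are argument slots; everything else is a literal. Hypothetical paths.
COMMAND_TABLE = {
    "load": ["/opt/robot/bin/load_program", "{program}"],
    "play": ["/opt/robot/bin/run_program"],
    "stop": ["/opt/robot/bin/stop_program"],
}

# Conservative character class for arguments: letters, digits, '_', '.', '-'.
# Anything a shell could interpret (; | & $ ` quotes, spaces, '/') is excluded.
SAFE_ARG = re.compile(r"[A-Za-z0-9_.-]{1,64}")


class CommandRejected(ValueError):
    """Raised when a command line fails allowlist or argument validation."""


def build_argv(line):
    """Turn one text command into an argv list, or raise CommandRejected."""
    parts = line.strip().split()
    if not parts:
        raise CommandRejected("empty command")
    verb, args = parts[0].lower(), parts[1:]
    template = COMMAND_TABLE.get(verb)
    if template is None:
        raise CommandRejected("unknown verb %r" % verb)
    slots = [t for t in template if t.startswith("{")]
    if len(args) != len(slots):
        raise CommandRejected("%s expects %d argument(s)" % (verb, len(slots)))
    for arg in args:
        # '..' is still matched by SAFE_ARG, so block path traversal separately.
        if not SAFE_ARG.fullmatch(arg) or ".." in arg:
            raise CommandRejected("disallowed characters in argument %r" % arg)
    remaining = iter(args)
    return [next(remaining) if t.startswith("{") else t for t in template]


def execute(line, runner=subprocess.run):
    """Validate, then run with shell=False; returns the reply text for the client."""
    try:
        argv = build_argv(line)
    except CommandRejected as exc:
        return "rejected: %s" % exc
    # With shell=False the arguments reach the binary verbatim; no shell ever
    # parses them, so metacharacters cannot splice in a second command.
    runner(argv, shell=False, check=False, timeout=30)
    return "ok"
```

`runner` is injectable so the handler can be exercised without the hypothetical binaries being present.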
Security experts warned that exploitation could compromise the confidentiality, integrity and availability of the entire robotic system. Once access is obtained, attackers may be able to alter robot behaviour, disrupt production operations or potentially interfere with safety mechanisms.
Universal Robots has released a fix in PolyScope version 5.25.1 and urged customers to install the update immediately. However, cybersecurity specialists noted that the patch only protects systems after it has been deployed, leaving organisations vulnerable if updates are delayed.
The company stated that all users should upgrade to version 5.25.1 or later “as soon as possible” to reduce the risk of exploitation. Industrial operators often postpone software updates to avoid production downtime, but researchers cautioned that delaying installation could leave critical systems exposed.
Network security remains a major concern
According to Universal Robots, successful remote exploitation depends on specific network conditions. The robot’s Dashboard Server must be enabled through the user interface, and the associated network port must also be accessible to an attacker.
The company stressed that its robots are not intended to be directly exposed to the public internet. In most industrial environments, inbound internet traffic is blocked through corporate firewalls and perimeter security controls.
Even so, systems connected to local area networks may still face risks from compromised devices operating within the same environment. A malicious actor who gains access to an internal workstation could potentially communicate with vulnerable robots if network segmentation is weak or absent.
“Security of your network is essential to security of your robot,” the company warned in its customer advisory.
At the time of disclosure, no public cases of active exploitation targeting this specific flaw had been reported to CISA. Nevertheless, cybersecurity analysts noted that the technical requirements for exploitation are relatively straightforward in many industrial settings.
Factory environments often include interconnected operational technology systems that share internal network access. If attackers breach a single machine on the production floor, they may be able to move laterally across the network and interact with robotic systems that were never intended to handle hostile traffic.
Safety risks extend beyond data theft
The discovery has renewed debate over cybersecurity protections in industrial robotics, particularly as collaborative robots become increasingly common in workplaces where humans and automated machines operate side by side.
Unlike conventional IT breaches, attacks involving industrial robots may create physical safety risks in addition to operational disruption. A compromised robot could potentially perform unintended movements, interfere with manufacturing processes or endanger nearby workers.
Researchers stressed that there is no evidence suggesting this vulnerability could trigger any form of autonomous robotic uprising. Instead, the concern centres on ordinary cybercriminals or hostile actors exploiting poorly protected industrial systems for sabotage, disruption, or unauthorised access.
Security specialists said the incident highlights a broader challenge facing industrial automation. Many operational technology environments were originally designed with reliability and productivity in mind rather than modern cybersecurity requirements.
As more factories connect robotic equipment to internal business systems and remote management platforms, the attack surface available to cyber criminals continues to grow. Experts increasingly recommend network segmentation, strict access controls and regular software patching as essential safeguards for industrial operators.
The vulnerability affecting Universal Robots systems serves as another reminder that industrial automation security depends not only on the robots themselves, but also on the networks and infrastructure surrounding them.