'Security of your network is essential to security of your robot': Industrial robots targeted by malware, which could open them up to hacking — is this how the revolution begins?

• Attackers can remotely execute commands on vulnerable industrial robots without requiring authentication
• Outdated factory robots may expose entire manufacturing networks to devastating cyberattacks today
• Poor network segmentation could allow compromised workstations to hijack nearby collaborative robots

A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company's collaborative robots.

The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1.

An unauthenticated attacker who can reach the Dashboard Server network port can craft commands that execute directly on the robot's underlying operating system.

Latest Videos From

Command injection vulnerability actually works

This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability of the entire system

The Dashboard Server accepts user-controlled input and passes it to the operating system without properly neutralizing special command elements.

This oversight allows an attacker to inject arbitrary commands that the robot will execute with full system privileges.

The flaw was discovered and reported by Vera Mens of Claroty Team82, who coordinated the disclosure through CISA and CERT/CC's VINCE platform.

Universal Robots has released a patch in PolyScope 5.25.1, which is available on the company's support site for all affected customers - but the patch does nothing until someone actually installs it, and every day that passes without updating is another day attackers have to exploit known vulnerabilities.

Therefore, the company strongly recommends that every user update to version 5.25.1 or newer as soon as possible.

Network security is the real protection against this exploitation

Remote exploitation of this vulnerability requires the robot's Dashboard Server to be enabled in the user interface, and its network port must be reachable by the attacker.

Universal Robots stated that its products are not designed to be accessible directly from the internet, and direct inbound internet access is typically prevented by corporate firewalls.

However, robots that are accessible from a local area network may be vulnerable to attacks originating from within that network.

"Security of your network is essential to security of your robot," the company warned in its advisory to customers and integrators.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at the time of this disclosure.

This vulnerability is serious, and the conditions for exploitation are not difficult to imagine in real industrial environments.

A compromised workstation on the same factory floor network could easily reach a robot's Dashboard Server port if proper network segmentation is missing.

Their behaviour afterwards could be unpredictable, because it is controlled by someone other than its owners.

Therefore, this will likely not lead to some sort of autonomous robotic revolution, but only represents the preponderance of hackers trying to gain control of systems.

The rise of collaborative robots working alongside humans makes this threat particularly concerning because a compromised robot could cause physical harm to nearby personnel.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.