CVE-2026-8153

Universal Robots · PolyScope

Universal Robots PolyScope contains an OS command injection vulnerability in the Dashboard Server interface.

Executive summary

An unauthenticated OS command injection vulnerability in the Universal Robots PolyScope Dashboard Server allows for remote code execution on the robot's operating system.

Vulnerability

The Dashboard Server interface fails to validate input, allowing an unauthenticated attacker to inject and execute arbitrary OS commands on the robot's controller.

Business impact

Given the CVSS score of 9.8, this vulnerability poses a severe risk to industrial operations. An attacker could take control of the robot, potentially causing physical damage, halting production lines, or using the robot as a beachhead for further network lateral movement.

Remediation

Immediate Action: Update PolyScope to version 5.21.1 or later.

Proactive Monitoring: Isolate the robot's network and monitor traffic to the Dashboard Server port for any unauthorized or unusual command strings.

Compensating Controls: Use network segmentation (VLANs) to restrict access to the robot's management interfaces to only necessary, trusted administrative workstations.
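The monitoring and access-restriction steps above can be expressed as a review pass over command lines captured on the Dashboard Server port; the following is an added example, not code from Universal Robots or from this advisory. The trusted subnet, the expected-command list and the sample records are assumptions to replace with site values, and because the advisory does not say which command is affected, the metacharacter check is applied to every line.

```python
import ipaddress
import re

# Assumption: admin workstations allowed to reach the robot (constructed subnet).
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Assumption: the Dashboard commands this site actually uses; tune per deployment.
EXPECTED_PREFIXES = ("load ", "play", "stop", "pause", "running",
                     "robotmode", "programState", "get loaded program")

# Characters a shell interprets; none belong in the expected commands above.
SHELL_META = re.compile(r"[;&|`$<>\\\r\n]")


def classify(src_ip, line):
    """Return the list of reasons this command line deserves review."""
    reasons = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_SOURCES):
        reasons.append("untrusted-source")
    cmd = line.rstrip("\r\n")  # commands are newline-terminated text
    if not cmd.startswith(EXPECTED_PREFIXES):
        reasons.append("unexpected-command")
    if SHELL_META.search(cmd):
        reasons.append("shell-metacharacter")
    if not cmd.isascii() or not cmd.isprintable():
        reasons.append("non-printable")
    return reasons


def review(records):
    """Map each flagged (src_ip, line) record to its reasons."""
    return {rec: r for rec in records if (r := classify(*rec))}


# Constructed sample records (source IP, line seen on the port). Shapes only:
# they are not taken from the advisory and do not reflect the actual flaw.
SAMPLE = [
    ("10.20.0.5", "play\n"),
    ("10.20.0.5", "load /programs/pick.urp\n"),
    ("10.20.0.5", "load /programs/pick.urp; id\n"),
    ("192.0.2.77", "robotmode\n"),
    ("192.0.2.77", "unknowncmd $(x)\n"),
]

if __name__ == "__main__":
    for (src, line), reasons in review(SAMPLE).items():
        print(f"{src} {line!r}: {', '.join(reasons)}")
```

An "untrusted-source" hit on an otherwise normal command is still worth acting on, since it means the segmentation control is not holding.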

Exploitation status

Public Exploit Available: No

Analyst recommendation

Industrial control systems require immediate remediation. Organizations should prioritize updating their Universal Robots fleet to prevent unauthorized physical and digital access.