CISA ICS Alert: Robot Motion Servers

CISA has published an alert advising it is aware of a public report of a vulnerability affecting robot motion servers. The motion servers are programs written in OEM exclusive programming languages and run on the robot controller. Motion servers enable receiving target values and optionally sending actual values. According to the public report, which was coordinated with CISA prior to its release, researchers identified this vulnerability in the motion servers that allows an adjacent attacker to execute arbitrary code. This vulnerability in motion servers is not limited to any one vendor but exist in many OEM robots, both open- and closed-source. CISA is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks. This alert includes further details about the vulnerability as well as a list of short-to-medium term mitigations. Read the alert at CISA.