Teradyne Robotics underscores commitment to cybersecurity with CVE Numbering Authority (CNA) status

ODENSE, Denmark – Universal Robots (UR) and Mobile Industrial Robots (MiR) have joined the Common Vulnerabilities and Exposures (CVE) program this month to bolster responsible vulnerability reporting and grant their customers access to information directly from the source.

The CVE program helps to standardize how vulnerabilities are tracked and managed across the cybersecurity ecosystem for information technology and cybersecurity professionals, reducing risk of delayed patches and increasing transparency, which is critical in industries where cyberattacks cause costly downtime.

“By meeting the program’s rigorous public disclosure requirements, we give customers the assurance that any potential security issue discovered in our products is communicated transparently, addressed promptly, and shared openly with the wider community. This partnership reinforces our promise to remain a reliable, security-first ally for our customers.”

Teradyne Robotics will operate as a CVE Numbering Authority (CNA) under the direction of CISA Industrial Control Systems (ICS). In this capacity, the robotics manufacturer will identify and document vulnerabilities within UR and MiR products and designated areas of responsibility for public disclosure, taking a proactive approach to cybersecurity through greater transparency and streamlined reporting.

As part of their new responsible disclosure policy, UR and MiR will now coordinate disclosure of vulnerabilities with research partners worldwide through CISA ICS. To protect customers and operational integrity, MiR and UR test and remediate vulnerabilities through rigorous testing and provide patches to mitigate security issues in close coordination with third parties.

“As a CNA, we’re proud to contribute to the global effort to strengthen cybersecurity. One of the primary industries we supply is manufacturing – the most targeted sector for cyberattacks four years running, according to IBM’s latest Threat Index report. This risk is a key reason many manufacturers hesitate to adopt digital solutions. To truly create automation for anyone, anywhere, we believe it’s our responsibility to take a security-first approach,” President of UR Jean-Pierre Hathout said.

What is CVE?

The CVE program is an international, community-based effort that relies on an authorized community of CNAs to register vulnerabilities. Once discovered and assigned by the CNAs, the vulnerabilities are published to the CVE List.

The CVE Records published in the catalog then enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. CVE enables multiple users to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings. The list also feeds the U.S. National Vulnerability Database (NVD).

The CVE Board, which guides the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. CVE Working Groups, approved by the Board, develop the program’s policies, and are open to the community.