CPATH-2026-0028 · ROBOTICS HUMANOID

Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse

Provisional. Candidate score (CFSE Consequence Paths 1.0-candidate); pending independent review. Treat as a structured second opinion, not a final rating.

Paths CRITICAL Dominant consequence PERCEPTION_TO_ACTION perception · Evidence EV:3 (reproduced / report-backed) · Liveness HISTORICAL

CPATH ID	`CPATH-2026-0028`
CVE(s)	—
Device / class	Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse (ROBOTICS HUMANOID)
Vendor	University of Washington (Raven II)
Dominant consequence	`PERCEPTION_TO_ACTION` (perception)
Paths verdict	CRITICAL (worst of 3 paths)
Published baseline	No public baseline score is published for this case. The registry still records the reachable consequence path for review.
Baseline relationship	⊘ no published baseline
Consequence dimension(s)	#2 #7 (what these mean)
Scored	2026-06-03 · CFSE Consequence Paths v1.0-candidate · validation: provisional
Baseline confidence	low

Citation review open. One or more source labels do not yet include public links. Treat those facts as needing citation review before relying on them.

Consequence Paths

Paths Assessment

perception

`PERCEPTION_TO_ACTION`

CRITICAL

Reachability RE:2

Complexity EC:2

Consequence PERCEPTION_TO_ACTION

Scale SR:3 / SX:2

Verdict CRITICAL

Reachability 2

Complexity 2

Exposure 2

Physical / safety 4

Data / perception 4

Authority 3

Chainability 3

Reuse scale 3

Execution scale 2

Recovery 2

Evidence EV:3 · reproduced / report-backed

Liveness HISTORICAL

Vector

CPATH:1.0-candidate/TT:PERCEPTION_TO_ACTION/RE:2/EC:2/EX:2/PH:4/DP:4/AT:3/CH:3/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Physical/safety

`DEVICE_CONTROL_SAFETY`

CRITICAL

Reachability RE:2

Complexity EC:2

Consequence DEVICE_CONTROL_SAFETY

Scale SR:3 / SX:2

Verdict CRITICAL

Reachability 2

Complexity 2

Exposure 2

Physical / safety 4

Data / perception 3

Authority 3

Chainability 3

Reuse scale 3

Execution scale 2

Recovery 2

Evidence EV:3 · reproduced / report-backed

Liveness HISTORICAL

Vector

CPATH:1.0-candidate/TT:DEVICE_CONTROL_SAFETY/RE:2/EC:2/EX:2/PH:4/DP:3/AT:3/CH:3/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Physical/safety

`DEVICE_AVAILABILITY`

CRITICAL

Reachability RE:2

Complexity EC:3

Consequence DEVICE_AVAILABILITY

Scale SR:3 / SX:2

Verdict CRITICAL

Reachability 2

Complexity 3

Exposure 2

Physical / safety 4

Data / perception 1

Authority 2

Chainability 2

Reuse scale 3

Execution scale 2

Recovery 2

Evidence EV:3 · reproduced / report-backed

Liveness HISTORICAL

Vector

CPATH:1.0-candidate/TT:DEVICE_AVAILABILITY/RE:2/EC:3/EX:2/PH:4/DP:1/AT:2/CH:2/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Assessment

CFSE Consequence Paths assesses Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse at CRITICAL — the worst of 3 risk paths (perception, safety). The dominant consequence is manipulated perception that drives action.

Vulnerability

Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse. Reported attack vector: Network (man-in-the-middle on teleoperation link).

CFSE Consequence Paths analysis

The vulnerability is decomposed into one risk path per terminal consequence. Each path is scored on its exposure (reachability × execution complexity) and the authority, perception, and physical/safety it reaches, together with its scale of reuse, scale of execution, and recoverability.

`PERCEPTION_TO_ACTION` → CRITICAL

CPATH:1.0-candidate/TT:PERCEPTION_TO_ACTION/RE:2/EC:2/EX:2/PH:4/DP:4/AT:3/CH:3/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Exposure EX=2 (reachability and complexity-bound) · bands PH=CRITICAL · DP=CRITICAL · AT=HIGH → base CRITICAL → assessed CRITICAL.

Intention-modification: MITM on the unauthenticated/unencrypted teleoperation link lets the attacker read and alter the command/feedback stream so the corrupted perception loop between surgeon and robot drives unintended actuation.
RE2 — (network MITM position on the control path; demonstrated on public/shared networks, not internet-default and not victim physical).
EC2 — advanced-but-reproducible MITM, but trivial once positioned.
AT3 — control-channel/command authority over robot, not OS root or signing root.
PH4 — and DP4 because the manipulated feedback/command state is safety-relevant world/control state on a patient-manipulating robot;
perception_feeds_action — true.
CH3 — crosses console/network/device/physical/safety boundaries.
SR3 — protocol-level weakness reuses across deployments using the same unprotected protocol but is not a shared key/artifact.
SX2 — per-link/per-deployment proximity, no fleet mechanism.
EV3 — reproduced (DSN 2015).

`DEVICE_CONTROL_SAFETY` → CRITICAL

CPATH:1.0-candidate/TT:DEVICE_CONTROL_SAFETY/RE:2/EC:2/EX:2/PH:4/DP:3/AT:3/CH:3/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Exposure EX=2 (reachability and complexity-bound) · bands PH=CRITICAL · DP=HIGH · AT=HIGH → base CRITICAL → assessed CRITICAL.

Full hijacking: attacker gains effective control authority over robot motion without credentials, overriding/ignoring operator inputs to drive dangerous actuation against a patient.
RE2 — network MITM position.
EC2 — reproducible MITM, simple injection once positioned.
AT3 — control/command authority (no root-of-trust or signing key compromised).
PH4 — credible patient injury from unintended/maliciously commanded motion;
perception_feeds_action — true since the hijacked command stream directly causes safety-relevant physical action.
DP3 — control/command state.
CH3 — and boundary_crossing across network/device/physical/safety.
SR3 — protocol-class reuse.
SX2 — per-link, no demonstrated fleet execution.
OR2 — recovery is operational (regain link, abort).
EV3 — reproduced.

`DEVICE_AVAILABILITY` → CRITICAL

CPATH:1.0-candidate/TT:DEVICE_AVAILABILITY/RE:2/EC:3/EX:2/PH:4/DP:1/AT:2/CH:2/SR:3/SX:2/OR:2/EV:3/LS:HISTORICAL

Exposure EX=2 (reachability-bound) · bands PH=CRITICAL · DP=ELEVATED · AT=ELEVATED → base CRITICAL → assessed CRITICAL.

E-stop abuse: a single unauthenticated packet triggers the robot’s own emergency-stop to deny operation mid-procedure.
RE2 — network MITM/on-path position.
EC3 — standard once positioned but notably efficient (single packet); not EC4 because it still needs an on-path/injection position.
AT2 — abuse of a bounded safety/availability control rather than full command authority.
PH3 — safety-margin reduction: aborting/halting mid-procedure is disruptive and can reduce safety margin but is the platform’s fail-safe rather than dangerous actuation, so not PH4.
DP1 — negligible data impact.
CH2 — crosses network/device/safety boundary, limited chainability.
SR3 — protocol-class reuse.
SX2 — per-link.
OR2 — operational recovery (regain link, abort/restart).
EV3 — reproduced.

Published baseline

No public baseline score has been published for this finding. It belongs to a perception/control harm class that is often outside published vulnerability-scoring coverage. The registry records the reachable consequence path for review.

Sources

source citation pending public URL

Score it yourself in the calculator Review this score

Cite this entry:

CFSE Consequence Paths Registry v1.0-candidate, entry CPATH-2026-0028 (“Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse”), paths.cfse.ai/CPATH-2026-0028 (published 2026-06-03).

Teleoperated surgical robot (Raven II) command hijacking & E-stop abuse

Paths Assessment

Assessment

Vulnerability

CFSE Consequence Paths analysis

PERCEPTION_TO_ACTION → CRITICAL

DEVICE_CONTROL_SAFETY → CRITICAL

DEVICE_AVAILABILITY → CRITICAL

Published baseline

Sources

`PERCEPTION_TO_ACTION` → CRITICAL

`DEVICE_CONTROL_SAFETY` → CRITICAL

`DEVICE_AVAILABILITY` → CRITICAL