The industrial robots that manufacture cars, airplanes, food, and medicine are vulnerable to cyber attacks, thanks to outdated operating systems and unsecured networks, researchers say in a recent report.

According to report released on Wednesday by cyber security firm Trend Micro, researchers found that hackers could take advantage of a handful of weaknesses in the software and configurations of industrial robots made by five major manufacturers, including ABB, Fanuc, Kawasaki, Mitsubishi, and Yaskawa. If hackers were to take advantage of these vulnerabilities, the result could range from defective cars and planes to poisonous food and medicine, to dangerous work environments for robot operators, the report finds.

Researchers from Trend Micro and Politecnico di Milano, a technology university in Milan, Italy, programmed a robotic arm to draw a straight line. The researchers were able to wage a remote attack against the robot arm's controller to alter the command sent to the robot to make it draw a line off by two millimeters. A minor defect like this in a manufacturing plant could have "serious repercussions," a summary of the report reads.

Trend Micro says hackers could introduce "virtually invisible defects" in a product can cause the product to malfunction.

"If these robots are welding a car chassis together or a wing on an airplane, two millimeters can be catastrophic," Mark Nunnikhoven, the vice president of cloud research at Trend Micro, tells Recode.

A minor defect in a car or an airplane could result in serious injury, or death for the customer and "significant financial losses" for the manufacturer, Trend Micro's report says.

The researchers' analysis found that the vulnerabilities stem from three main weaknesses: industrial robots are running on outdated and vulnerable software and operating systems, many robots have unchangeable, default usernames and passwords set by the manufacturer, and tens of thousands industrial devices are connected to public IP addresses instead of behind a firewall.

The robot vendors, Trend Micro says, have taken the results seriously and are showing "a positive attitude' toward securing their robots.

Published on: May 3, 2017