I have seen all of these vulnerabilities in widely-deployed products of varying sorts (this was my day job for many years). I don't know who these authors are, I'm just saying that the bugs aren't theoretical.
I'm not sure that we agree on what theoretical means. That these classes of bugs are probable does not make their existence in any particular software any less theoretical an in the absence of evidence. Which software? Which endpoint? Sample exploit? One example of a robot executing an unauthorized command? The authors do not say and only offer vague assertions and contrived examples.