← Volver a CVEs
CVE-2020-10272
CRITICAL9.8
Descripcion
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/24/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
aliasrobotics:mir100aliasrobotics:mir1000aliasrobotics:mir1000_firmwarealiasrobotics:mir100_firmwarealiasrobotics:mir200aliasrobotics:mir200_firmwarealiasrobotics:mir250aliasrobotics:mir250_firmwarealiasrobotics:mir500aliasrobotics:mir500_firmwareenabled-robotics:er-flexenabled-robotics:er-flex_firmwareenabled-robotics:er-liteenabled-robotics:er-lite_firmwareenabled-robotics:er-oneenabled-robotics:er-one_firmwaremobile-industrial-robotics:er200mobile-industrial-robotics:er200_firmwareuvd-robots:uvd_robotsuvd-robots:uvd_robots_firmware
Debilidades (CWE)
CWE-306CWE-306
Referencias
https://github.com/aliasrobotics/RVD/issues/2554(cve@aliasrobotics.com)
https://github.com/aliasrobotics/RVD/issues/2554(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.