Strix
26.1K

CVE-2020-10271

CRITICALCVSS 9.8/10EPSS 1.77%

Last modified

CVE-2020-10271 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. EPSS estimates a 1.77% chance of exploitation in the next 30 days.

Description

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.77%

75.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AliasroboticsMir100 Firmware<= 2.8.1.1
AliasroboticsMir200 Firmware<= 2.8.1.1
AliasroboticsMir250 Firmware<= 2.8.1.1
AliasroboticsMir500 Firmware<= 2.8.1.1
AliasroboticsMir1000 Firmware<= 2.8.1.1
Mobile-Industrial-RoboticsEr200 Firmware<= 2.8.1.1
Enabled-RoboticsEr-Lite Firmware<= 2.8.1.1
Enabled-RoboticsEr-Flex Firmware<= 2.8.1.1
Enabled-RoboticsEr-One Firmware<= 2.8.1.1
Uvd-RobotsUvd Robots Firmware<= 2.8.1.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-10271?
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).
How severe is CVE-2020-10271?
CVE-2020-10271 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.77% probability of exploitation in the next 30 days.
How do I fix CVE-2020-10271?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10271?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST