CVE-2020-10272
Last modified
CVE-2020-10272 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. EPSS estimates a 2.46% chance of exploitation in the next 30 days.
Description
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aliasrobotics | Mir100 Firmware | <= 2.8.1.1 |
| Aliasrobotics | Mir200 Firmware | <= 2.8.1.1 |
| Aliasrobotics | Mir250 Firmware | <= 2.8.1.1 |
| Aliasrobotics | Mir500 Firmware | <= 2.8.1.1 |
| Aliasrobotics | Mir1000 Firmware | <= 2.8.1.1 |
| Mobile-Industrial-Robotics | Er200 Firmware | <= 2.8.1.1 |
| Enabled-Robotics | Er-Lite Firmware | <= 2.8.1.1 |
| Enabled-Robotics | Er-Flex Firmware | <= 2.8.1.1 |
| Enabled-Robotics | Er-One Firmware | <= 2.8.1.1 |
| Uvd-Robots | Uvd Robots Firmware | <= 2.8.1.1 |
References
- https://github.com/aliasrobotics/RVD/issues/2554Exploit, Third Party Advisory
- https://github.com/aliasrobotics/RVD/issues/2554Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-10272?
How severe is CVE-2020-10272?
How do I fix CVE-2020-10272?
Are you affected by CVE-2020-10272?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST