CVE-2020-10276

Name: CVE-2020-10276
Creator: NVD / NIST
Published: 2020-06-24T05:15:13.27+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.50%

Last modified Jun 17, 2026

CVE-2020-10276 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.50%

71.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mobile-Industrial-Robots	Mir100 Firmware	<= 2.8.1.1
Mobile-Industrial-Robots	Mir200 Firmware	All versions
Mobile-Industrial-Robots	Mir250 Firmware	All versions
Mobile-Industrial-Robots	Mir500 Firmware	All versions
Mobile-Industrial-Robots	Mir1000 Firmware	All versions
Easyrobotics	Er200 Firmware	All versions
Easyrobotics	Er-Lite Firmware	All versions
Easyrobotics	Er-Flex Firmware	All versions
Easyrobotics	Er-One Firmware	All versions
Uvd-Robots	Uvd Firmware	All versions

References

https://github.com/aliasrobotics/RVD/issues/2558Third Party Advisory
https://github.com/aliasrobotics/RVD/issues/2558Third Party Advisory

Timeline

Published: Jun 24, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-10276?

How severe is CVE-2020-10276?

CVE-2020-10276 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2020-10276?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10276?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST