RVD#2569: Insecure operating system defaults in MiR robots
CVE-2020-10279

10CRITICAL

Key Information:

Vendor: Mobile Industrial Robots A/s
Status: Mir100
Vendor: CVE Published:; 24 June 2020

🔔 Create Mobile Industrial Robots A/s Vulnerability Alert

What is CVE-2020-10279?

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.

Affected Version(s)

MiR100 v2.8.1.1 and before

References

https://github.com/aliasrobotics/RVD/issues/2569

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

CVSS V3.0

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2020
Vulnerability Reserved
Mar 10, 2020

Credit

Víctor Mayoral Vilches (Alias Robotics)

CVE-2020-10279 Data

JSON