CVE-2020-10272 (GCVE-0-2020-10272)
Vulnerability from cvelistv5
Published
2020-06-24 04:35
Modified
2024-09-17 01:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mobile Industrial Robots A/S | MiR100 |
Version: v2.8.1.1 and before |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MiR100",
"vendor": "Mobile Industrial Robots A/S",
"versions": [
{
"status": "affected",
"version": "v2.8.1.1 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Victor Mayoral Vilches, Alfonso Glera, Lander Usategui, Unai Ayucar, Xabier S\u00e1ez de C\u00e1mara (Alias Robotics)"
}
],
"datePublic": "2020-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T04:35:12",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2554"
}
],
"source": {
"defect": [
"RVD#2554"
],
"discovery": "EXTERNAL"
},
"title": "RVD#2554: MiR ROS computational graph presents no authentication mechanisms",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-06-24T04:32:35 +00:00",
"ID": "CVE-2020-10272",
"STATE": "PUBLIC",
"TITLE": "RVD#2554: MiR ROS computational graph presents no authentication mechanisms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MiR100",
"version": {
"version_data": [
{
"version_value": "v2.8.1.1 and before"
}
]
}
}
]
},
"vendor_name": "Mobile Industrial Robots A/S"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Victor Mayoral Vilches, Alfonso Glera, Lander Usategui, Unai Ayucar, Xabier S\u00e1ez de C\u00e1mara (Alias Robotics)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "critical",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/2554",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/2554"
}
]
},
"source": {
"defect": [
"RVD#2554"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10272",
"datePublished": "2020-06-24T04:35:12.949127Z",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-09-17T01:32:00.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…