PT-2020-12023 · Mobile Industrial Robots A/S+3 · Mir100+10

Alias Robotics

Publicado

2020-06-24

Atualizado

2021-09-14

CVE-2020-10274

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.

Correção

Information Disclosure

Use of Insufficiently Random Values

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-330

Identificadores relacionados

CVE-2020-10274

Produtos afetados

Mir100

Er-Flex Firmware

Er-Lite Firmware

Er-One Firmware

Er200 Firmware

Mir1000 Firmware

Mir100 Firmware

Mir200 Firmware

Mir250 Firmware

Mir500 Firmware

Uvd Firmware

PT-2020-12023 · Mobile Industrial Robots A/S+3 · Mir100+10

CVE-2020-10274

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6