Alfonso Glera

**Name of the Vulnerable Software and Affected Versions** IRC5 (affected versions not specified) **Description** The issue allows unauthorized access to the FTP server on port 21. When attempting to gain access, a request for a username and password is made, but any non-empty input is accepted for these fields. **Recommendations** For IRC5, as a temporary workaround, consider restricting access to the FTP server on port 21 until a proper authentication mechanism is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xarm studio version 1.3.0 **Description** The issue allows for control of the robot inside the network without requiring authentication. According to the user manual, there should be an option to add a password to the robot, but this option is missing from the menu in xarm studio 1.3.0. This allows for manual control, including forcefully removing the current operator from an active session. **Recommendations** For xarm studio version 1.3.0, consider adding a password to the robot manually or through alternative means to restrict unauthorized access, and ensure that only authorized operators have control over the robot. As a temporary workaround, restrict access to the robot's control interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xArm controller (affected versions not specified) **Description** The authentication implementation has very low entropy, making it susceptible to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned, so the information cannot be provided. **Description** The main user account has restricted privileges but is in the sudoers group. There is no mechanism in place to prevent the use of `sudo su` or `sudo -i`, which can be used to gain unrestricted access to sensitive files, encryption, or issue orders that disrupt robot operation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABB IRC5 family with UAS service enabled (affected versions not specified) **Description** The issue concerns default credentials that can be easily found in publicly available manuals for the ABB IRC5 family with UAS service enabled. Although intended to facilitate setup, research has shown that multiple production systems are using these default credentials, posing a significant exposure risk. It is recommended that future deployments should require users to change these defaults to enhance security. **Recommendations** For the ABB IRC5 family with UAS service enabled, consider changing the default credentials to custom ones as a mitigation measure. As a temporary workaround, restrict access to systems using the default credentials until custom credentials can be set. Force users to change the default credentials during the initial setup of future deployments to minimize the risk of exposure.

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to the lack of a mechanism to prevent booting from a live OS image, which can lead to the extraction of sensitive files, such as the shadow file, or privilege escalation by manually adding a new user with sudo privileges on the machine. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiR's Computer (affected versions not specified) **Description** The BIOS onboard MiR's Computer is not protected by a password, allowing a malicious operator to modify settings such as boot order. This can be leveraged to boot from a Live Image. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiR100, MiR200 and other MiR robots (affected versions not specified) **Description** The issue is related to the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces. This exposure is due to a bad setup and can be exploited by malicious operators to take control of the ROS logic and, consequently, the complete robot. The ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws, the computational graph can also be fetched and interacted with from wireless networks. **Recommendations** For MiR100, MiR200 and other MiR robots, appropriately configure ROS to mitigate the issue. Apply custom patches as appropriate to secure the ROS computational graph. Restrict access to the wired exposed ports to minimize the risk of exploitation. Consider disabling unnecessary network interfaces to reduce the attack surface until a proper configuration or patch is applied.