Bernhard Dieber

**Name of the Vulnerable Software and Affected Versions** MiR100 (affected versions not specified) MiR200 (affected versions not specified) MiR250 (affected versions not specified) MiR500 (affected versions not specified) MiR1000 (affected versions not specified) **Description** A wireless interface in certain MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode with default and widely known SSID and passwords. This information has been available in past User Guides and manuals distributed by the vendor. The issue has been confirmed in MiR100 and MiR200, and it may also apply to other models. **Recommendations** For MiR100, consider changing the default SSID and password to secure the wireless Access Point. For MiR200, update the wireless interface configuration to use unique and secure SSID and passwords. For MiR250, MiR500, and MiR1000, if the issue applies, change the default wireless Access Point settings to secure credentials. As a temporary workaround, consider disabling the WiFi Master mode until secure configurations can be implemented.

**Name of the Vulnerable Software and Affected Versions** Safety PLC (affected versions not specified) **Description** The password for the safety PLC is the default and easily accessible, allowing a manipulated program to be uploaded, which can disable the emergency stop when an object is too close to the robot. This issue does not affect navigation or components dependent on the laser scanner, making it difficult to detect before an incident occurs. However, the laser scanner configuration can also be affected, further altering the safety of the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.