PT-2020-12020 · Open Robotics+1 · Ros+2

Alfonso Glera +4 · Published 2020-06-24 · Updated 2020-07-06 · CVE-2020-10271

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

MiR100, MiR200 and other MiR robots (affected versions not specified)

Description

The Robot Operating System (ROS) default packages expose the computational graph on all network interfaces. This exposure results from a bad setup and can be exploited by malicious operators to take control of the ROS logic and, consequently, of the complete robot. The ROS computational graph is fully accessible from the exposed wired ports. In combination with other flaws, the computational graph can also be fetched and interacted with from wireless networks.

Recommendations

For MiR100, MiR200 and other MiR robots, configure ROS appropriately to mitigate the issue. Apply custom patches as appropriate to secure the ROS computational graph. Restrict access to the exposed wired ports to minimize the risk of exploitation. Consider disabling unnecessary network interfaces to reduce the attack surface until a proper configuration or patch is applied.
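One way to check a host for the exposure described above is to audit which ROS listeners are bound to all interfaces. This is an added example, not part of the advisory or of any MiR or ROS tooling. It assumes a ROS 1 setup with the master on its default port 11311, and the `ss -ltnp` sample, process names and addresses are constructed.

```python
import ipaddress
import re

ROS_MASTER_PORT = 11311  # default ROS 1 master port
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

# Constructed `ss -ltnp` output; addresses, PIDs and process names are made up.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:11311      0.0.0.0:*         users:(("rosmaster",pid=901,fd=3))
LISTEN 0      128    0.0.0.0:43817      0.0.0.0:*         users:(("rosout",pid=915,fd=5))
LISTEN 0      128    127.0.0.1:40001    0.0.0.0:*         users:(("example_node",pid=930,fd=4))
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=702,fd=6))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=655,fd=4))
"""

def bind_scope(host):
    """Classify a listening address as all-interfaces, loopback or single-interface."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if host == "*":                        # ss notation for a dual-stack wildcard
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-interface"

def audit_ros_listeners(ss_output, ros_procs=("rosmaster", "rosout", "example_node")):
    """Return (process, port, scope) for ROS listeners reachable beyond loopback.

    ros_procs is an assumed list of process names that belong to the ROS graph.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "?"
        if proc not in ros_procs and int(port) != ROS_MASTER_PORT:
            continue                       # not part of the ROS graph
        scope = bind_scope(host)
        if scope != "loopback":
            findings.append((proc, int(port), scope))
    return findings

if __name__ == "__main__":
    for proc, port, scope in audit_ros_listeners(SAMPLE_SS):
        print(f"{proc} listening on port {port}: {scope}")
```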

Exploit

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2020-10271

Affected Products

Mir100
Mir200
Ros