PT-2020-12021 · Mobile Industrial Robots A/S+4 · Mir100+10

Alfonso Glera

Published

2020-06-24

Updated

2020-07-06

CVE-2020-10272

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-10272

Affected Products

Mir100

Er-Flex Firmware

Er-Lite Firmware

Er-One Firmware

Er200 Firmware

Mir1000 Firmware

Mir100 Firmware

Mir200 Firmware

Mir250 Firmware

Mir500 Firmware

Uvd Robots Firmware

PT-2020-12021 · Mobile Industrial Robots A/S+4 · Mir100+10

CVE-2020-10272

Weakness Enumeration

Related Identifiers

Affected Products

References · 5