PT-2020-12022 · Mir · Mir Controllers

Victor Mayoral Vilches

Published

2020-06-24

Updated

2021-12-21

CVE-2020-10273

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MiR controllers versions 2.8.1.1 and earlier

Description The issue concerns the lack of encryption or protection for intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network to retrieve and easily exfiltrate all installed intellectual property and data, especially when combined with other flaws.

Recommendations For versions 2.8.1.1 and earlier, consider restricting access to the robot and its network to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the installation of sensitive intellectual property artifacts on the robots. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-312

Related Identifiers

CVE-2020-10273

Affected Products

Mir Controllers

PT-2020-12022 · Mir · Mir Controllers

CVE-2020-10273

Weakness Enumeration

Related Identifiers

Affected Products

References · 8