CVE-2020-10271 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-10271 PUBLISHED CVSS 10 CRITICAL

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).

EPSS 0.44% · 63.0th percentile

Risk Scores

CVSS v3.0

10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.44%

63.0th percentile

Affected Products

Vendor	Product	Versions
aliasrobotics	mir250_firmware	0
mobile-industrial-robotics	er200_firmware	0
aliasrobotics	mir1000_firmware	0
enabled-robotics	er-one_firmware	0
Mobile Industrial Robots A/S	MiR100	v2.8.1.1 and before
aliasrobotics	mir200_firmware	0
enabled-robotics	er-lite_firmware	0
enabled-robotics	er-flex_firmware	0
uvd-robots	uvd_robots_firmware	0
aliasrobotics	mir500_firmware	0
aliasrobotics	mir100_firmware	0

Timeline

Jun 24, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

Open in Interactive Console →