VDB
CVE-2020-10272
CVE-2020-10272
PUBLISHED
CVSS 10 CRITICAL
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
EPSS 0.47% · 65.0th percentile
Risk Scores
CVSS v3.0
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.47%
65.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| aliasrobotics | mir500_firmware | 0 |
| mobile-industrial-robotics | er200_firmware | 0 |
| enabled-robotics | er-lite_firmware | 0 |
| enabled-robotics | er-flex_firmware | 0 |
| aliasrobotics | mir250_firmware | 0 |
| Mobile Industrial Robots A/S | MiR100 | v2.8.1.1 and before |
| uvd-robots | uvd_robots_firmware | 0 |
| aliasrobotics | mir1000_firmware | 0 |
| aliasrobotics | mir200_firmware | 0 |
| enabled-robotics | er-one_firmware | 0 |
| aliasrobotics | mir100_firmware | 0 |
Timeline
- Jun 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score