fkie_cve-2020-10271
Vulnerability from fkie_nvd
Published
2020-06-24 05:15
Modified
2024-11-21 04:55
Severity ?
Summary
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@aliasrobotics.com | https://github.com/aliasrobotics/RVD/issues/2555 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aliasrobotics/RVD/issues/2555 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR\u0027s operations are centered around the framework (ROS)."
},
{
"lang": "es",
"value": "MiR100, MiR200 y otros robots MiR usan los paquetes predeterminados del Robot Operating System (ROS) que exponen el gr\u00e1fico computacional a todas las interfaces de red, inal\u00e1mbricas y cableadas. Este es el resultado de una configuraci\u00f3n incorrecta y puede ser mitigado ajustando el ROS de forma apropiada y/o aplicando parches seg\u00fan sea apropiado. Actualmente, puede accederse completamente al gr\u00e1fico computacional del ROS desde los puertos expuestos cableados. En combinaci\u00f3n con otros fallos como CVE-2020-10269, el gr\u00e1fico computacional tambi\u00e9n puede ser recuperado e interactuado desde redes inal\u00e1mbricas. Esto permite a un operador malicioso tomar el control de la l\u00f3gica del ROS y, en consecuencia, del robot completo dado que las operaciones de MiR se centran en el framework (ROS)"
}
],
"id": "CVE-2020-10271",
"lastModified": "2024-11-21T04:55:06.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "cve@aliasrobotics.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-24T05:15:12.847",
"references": [
{
"source": "cve@aliasrobotics.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2555"
}
],
"sourceIdentifier": "cve@aliasrobotics.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "cve@aliasrobotics.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…