fkie_cve-2020-10273
Vulnerability from fkie_nvd
Published
2020-06-24 05:15
Modified
2024-11-21 04:55
Severity ?
Summary
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@aliasrobotics.com | https://github.com/aliasrobotics/RVD/issues/2560 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aliasrobotics/RVD/issues/2560 | Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA",
"versionEndIncluding": "2.8.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data."
},
{
"lang": "es",
"value": "Los controladores MiR hasta las versiones de firmware 2.8.1.1 y anteriores, no cifran ni protegen de ninguna manera los artefactos de propiedad intelectual instalados en los robots. Este fallo permite a atacantes con acceso al robot o a la red del robot (en combinaci\u00f3n con otros fallos) recuperar y exfiltrar f\u00e1cilmente toda la propiedad intelectual y los datos instalados"
}
],
"id": "CVE-2020-10273",
"lastModified": "2024-11-21T04:55:06.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@aliasrobotics.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-24T05:15:13.020",
"references": [
{
"source": "cve@aliasrobotics.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2560"
}
],
"sourceIdentifier": "cve@aliasrobotics.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "cve@aliasrobotics.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…