CVE-2020-10271— RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-10271
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
Source: NVD (National Vulnerability Database)
Vulnerability Description
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mobile Industrial Robots MiR100 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100存在安全漏洞。攻击者可利用该漏洞获取计算图表。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Alias Robotics MiR100;使用2.8.1.1及之前版本固件的Alias Robotics MiR200;使用2.8.1.1及之前版本固件的Alias Robotics Mi
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mobile Industrial Robots A/S | MiR100 | v2.8.1.1 and before | - |
II. Public POCs for CVE-2020-10271
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-10271
请登录查看更多情报信息。
- https://github.com/aliasrobotics/RVD/issues/2555x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-10271
Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total
| CVE-2020-10269 | RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point | |
| CVE-2020-10270 | RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard | |
| CVE-2020-10272 | RVD#2554: MiR ROS computational graph presents no authentication mechanisms | |
| CVE-2020-10273 | RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers | |
| CVE-2020-10274 | RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor | |
| CVE-2020-10275 | RVD#2565: Weak token generation for the REST API. | |
| CVE-2020-10276 | RVD#2558: Default credentials on SICK PLC allows disabling safety features | |
| CVE-2020-10277 | RVD#2562: Booting from a live image leads to exfiltration of sensible information and priv | |
| CVE-2020-10278 | RVD#2561: Unprotected BIOS allows user to boot from live OS image. | |
| CVE-2020-10279 | RVD#2569: Insecure operating system defaults in MiR robots | |
| CVE-2020-10280 | RVD#2568: Apache server is vulnerable to a DoS |
IV. Related Vulnerabilities
Same product: MiR100
- CVE-2020-10279
RVD#2569: Insecure operating system defaults in MiR robots - CVE-2020-10280
RVD#2568: Apache server is vulnerable to a DoS - CVE-2020-10269
RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Po - CVE-2020-10275
RVD#2565: Weak token generation for the REST API. - CVE-2020-10273
RVD#2560: Unprotected intellectual property in Mobile Indust
Same vendor: Mobile Industrial Robots A/S
- CVE-2020-10279
RVD#2569: Insecure operating system defaults in MiR robots - CVE-2020-10280
RVD#2568: Apache server is vulnerable to a DoS - CVE-2020-10269
RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Po - CVE-2020-10275
RVD#2565: Weak token generation for the REST API. - CVE-2020-10273
RVD#2560: Unprotected intellectual property in Mobile Indust
Same weakness: CWE-668
- CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41362
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache - CVE-2026-6830
Nesquena Hermes WebUI Environment Variable Credential Leakag - CVE-2026-32690
Apache Airflow: 3.x - Nested Variable Secret Values Bypass R
V. Comments for CVE-2020-10271
No comments yet