Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10272— RVD#2554: MiR ROS computational graph presents no authentication mechanisms

EPSS 0.47% · P65
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-10272

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RVD#2554: MiR ROS computational graph presents no authentication mechanisms
Source: NVD (National Vulnerability Database)
Vulnerability Description
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mobile Industrial Robots MiR100访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100存在访问控制错误漏洞,该漏洞源于程序缺少身份验证。攻击者可利用该漏洞控制机器人。以下产品及版本受到影响:以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Alias Robotics MiR100;使用2.8.1.1及之前版本固件的Alias Robotics MiR200;使用2.8
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Mobile Industrial Robots A/SMiR100 v2.8.1.1 and before -

II. Public POCs for CVE-2020-10272

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-10272

登录查看更多情报信息。

Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total

CVE-2020-10269RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
CVE-2020-10270RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
CVE-2020-10271RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poor
CVE-2020-10273RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
CVE-2020-10274RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor
CVE-2020-10275RVD#2565: Weak token generation for the REST API.
CVE-2020-10276RVD#2558: Default credentials on SICK PLC allows disabling safety features
CVE-2020-10277RVD#2562: Booting from a live image leads to exfiltration of sensible information and priv
CVE-2020-10278RVD#2561: Unprotected BIOS allows user to boot from live OS image.
CVE-2020-10279RVD#2569: Insecure operating system defaults in MiR robots
CVE-2020-10280RVD#2568: Apache server is vulnerable to a DoS

IV. Related Vulnerabilities

Same product: MiR100
Same vendor: Mobile Industrial Robots A/S
Same weakness: CWE-306

V. Comments for CVE-2020-10272

No comments yet

Leave a comment