Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10279— RVD#2569: Insecure operating system defaults in MiR robots

EPSS 0.29% · P52
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-10279

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RVD#2569: Insecure operating system defaults in MiR robots
Source: NVD (National Vulnerability Database)
Vulnerability Description
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mobile Industrial Robots MiR100 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100存在安全漏洞,攻击者可利用该漏洞导致拒绝服务。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Alias Robotics MiR100;使用2.8.1.1及之前版本固件的Alias Robotics MiR200;使用2.8.1.1及之前版本固件的Alias Robotics Mi
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Mobile Industrial Robots A/SMiR100 v2.8.1.1 and before -

II. Public POCs for CVE-2020-10279

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-10279

登录查看更多情报信息。

Same Patch Batch · Mobile Industrial Robots A/S · 2020-06-24 · 12 CVEs total

CVE-2020-10269RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
CVE-2020-10270RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
CVE-2020-10271RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poor
CVE-2020-10272RVD#2554: MiR ROS computational graph presents no authentication mechanisms
CVE-2020-10273RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
CVE-2020-10274RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor
CVE-2020-10275RVD#2565: Weak token generation for the REST API.
CVE-2020-10276RVD#2558: Default credentials on SICK PLC allows disabling safety features
CVE-2020-10277RVD#2562: Booting from a live image leads to exfiltration of sensible information and priv
CVE-2020-10278RVD#2561: Unprotected BIOS allows user to boot from live OS image.
CVE-2020-10280RVD#2568: Apache server is vulnerable to a DoS

IV. Related Vulnerabilities

Same product: MiR100
Same vendor: Mobile Industrial Robots A/S
Same weakness: CWE-276

V. Comments for CVE-2020-10279

No comments yet

Leave a comment