CVE-2020-10272 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-10272

Analyzed

More Info Official Page

Source-cve@aliasrobotics.com

Published At-24 Jun, 2020 | 05:15

Updated At-06 Jul, 2020 | 16:21

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

aliasrobotics>>mir100_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*

aliasrobotics>>mir100>>-

cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*

aliasrobotics>>mir200_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*

aliasrobotics>>mir200>>-

cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*

aliasrobotics>>mir250_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*

aliasrobotics>>mir250>>-

cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*

aliasrobotics>>mir500_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*

aliasrobotics>>mir500>>-

cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*

aliasrobotics>>mir1000_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*

aliasrobotics>>mir1000>>-

cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*

mobile-industrial-robotics>>er200_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*

mobile-industrial-robotics>>er200>>-

cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*

enabled-robotics>>er-lite_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*

enabled-robotics>>er-lite>>-

cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*

enabled-robotics>>er-flex_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*

enabled-robotics>>er-flex>>-

cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*

enabled-robotics>>er-one_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*

enabled-robotics>>er-one>>-

cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*

uvd-robots>>uvd_robots_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*

uvd-robots>>uvd_robots>>-

cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-306	Primary	nvd@nist.gov
CWE-306	Secondary	cve@aliasrobotics.com

References

Hyperlink	Source	Resource
https://github.com/aliasrobotics/RVD/issues/2554	cve@aliasrobotics.com	Exploit Third Party Advisory