CVE-2020-10276 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-10276

Analyzed

More Info Official Page

Source-cve@aliasrobotics.com

Published At-24 Jun, 2020 | 05:15

Updated At-06 Jul, 2020 | 15:14

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

mobile-industrial-robots>>mir100_firmware>>Versions up to 2.8.1.1(inclusive)

cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*

mobile-industrial-robots>>mir100>>-

cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir200_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir200>>-

cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir250_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir250>>-

cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir500_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir500>>-

cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir1000_firmware>>-

cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*

mobile-industrial-robots>>mir1000>>-

cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*

easyrobotics>>er200_firmware>>-

cpe:2.3:o:easyrobotics:er200_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er200>>-

cpe:2.3:h:easyrobotics:er200:-:*:*:*:*:*:*:*

easyrobotics>>er-lite_firmware>>-

cpe:2.3:o:easyrobotics:er-lite_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-lite>>-

cpe:2.3:h:easyrobotics:er-lite:-:*:*:*:*:*:*:*

easyrobotics>>er-flex_firmware>>-

cpe:2.3:o:easyrobotics:er-flex_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-flex>>-

cpe:2.3:h:easyrobotics:er-flex:-:*:*:*:*:*:*:*

easyrobotics>>er-one_firmware>>-

cpe:2.3:o:easyrobotics:er-one_firmware:-:*:*:*:*:*:*:*

easyrobotics>>er-one>>-

cpe:2.3:h:easyrobotics:er-one:-:*:*:*:*:*:*:*

uvd-robots>>uvd_firmware>>-

cpe:2.3:o:uvd-robots:uvd_firmware:-:*:*:*:*:*:*:*

uvd-robots>>uvd>>-

cpe:2.3:h:uvd-robots:uvd:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-798	Primary	nvd@nist.gov
CWE-798	Secondary	cve@aliasrobotics.com

CWE ID: CWE-798

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-798

Type: Secondary

Source: cve@aliasrobotics.com

References

Hyperlink	Source	Resource
https://github.com/aliasrobotics/RVD/issues/2558	cve@aliasrobotics.com	Third Party Advisory

Hyperlink: https://github.com/aliasrobotics/RVD/issues/2558

Source: cve@aliasrobotics.com

Resource:

Third Party Advisory