Skip to content

RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers #2560

New issue
New issue
Open
Open
RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers#2560
Labels
robot: ER-Flexrobot: ER-Literobot: ER-Onerobot: ER200robot: MiR100robot: MiR1000robot: MiR200robot: MiR250robot: MiR500robot: UVDseverity: high7.0 - 8.9vendor: Easy Roboticsvendor: Enabled Roboticsvendor: Mobile Industrial Robotsvendor: Robotplushttps://robotplus.es/vendor: UVD Robotsvulnerability
@rvd-bot

Description

@rvd-bot
rvd-bot
opened on Jun 24, 2020
id: 2560
title: 'RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR)
  controllers'
type: vulnerability
description: MiR controllers across firmware versions 2.8.1.1 and before do not encrypt
  or protect in any way the intellectual property artifacts installed in the robots.
  This flaw allows attackers with access to the robot or the robot network (while
  in combination with other flaws) to retrieve and easily exfiltrate all installed
  intellectual property and data.
cwe: CWE-311
cve: CVE-2020-10273
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
  ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
  ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
  rvss-score: 6.5
  rvss-vector: RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:N/A:N/H:N
  severity-description: high
  cvss-score: 7.5
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
links:
- https://cwe.mitre.org/data/definitions/311.html
- https://github.com/aliasrobotics/RVD/issues/2560
flaw:
  phase: runtime-operation
  specificity: general-issue
  architectural-location: application-specific
  application: Ubuntu Linux
  subsystem: N/A
  package: N/A
  languages: N/A
  date-detected: 2020-04-20
  detected-by: "Victor Mayoral Vilches (Alias Robotics)"
  detected-by-method: testing-dynamic alurity:robo_mir
  date-reported: '2020-06-24'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/2560
  reproducibility: always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null

Metadata

Metadata

Assignees

No one assigned

    Labels

    robot: ER-Flexrobot: ER-Literobot: ER-Onerobot: ER200robot: MiR100robot: MiR1000robot: MiR200robot: MiR250robot: MiR500robot: UVDseverity: high7.0 - 8.9vendor: Easy Roboticsvendor: Enabled Roboticsvendor: Mobile Industrial Robotsvendor: Robotplushttps://robotplus.es/vendor: UVD Robotsvulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions