Open
Description
id: 2560
title: 'RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR)
controllers'
type: vulnerability
description: MiR controllers across firmware versions 2.8.1.1 and before do not encrypt
or protect in any way the intellectual property artifacts installed in the robots.
This flaw allows attackers with access to the robot or the robot network (while
in combination with other flaws) to retrieve and easily exfiltrate all installed
intellectual property and data.
cwe: CWE-311
cve: CVE-2020-10273
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
rvss-score: 6.5
rvss-vector: RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:N/A:N/H:N
severity-description: high
cvss-score: 7.5
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
links:
- https://cwe.mitre.org/data/definitions/311.html
- https://github.com/aliasrobotics/RVD/issues/2560
flaw:
phase: runtime-operation
specificity: general-issue
architectural-location: application-specific
application: Ubuntu Linux
subsystem: N/A
package: N/A
languages: N/A
date-detected: 2020-04-20
detected-by: "Victor Mayoral Vilches (Alias Robotics)"
detected-by-method: testing-dynamic alurity:robo_mir
date-reported: '2020-06-24'
reported-by: "Victor Mayoral Vilches (Alias Robotics)"
reported-by-relationship: security researcher
issue: https://github.com/aliasrobotics/RVD/issues/2560
reproducibility: always
trace: Not disclosed
reproduction: Not disclosed
reproduction-image: Not disclosed
exploitation:
description: Not disclosed
exploitation-image: Not disclosed
exploitation-vector: Not disclosed
exploitation-recipe: ''
mitigation:
description: Not disclosed
pull-request: Not disclosed
date-mitigation: null