{
"id": 33,
"title": "RVD#33: Baxter and Sawyer expose their LAN ports on the pedestal",
"type": "vulnerability",
"description": "Baxter and Sawyer expose their LAN ports on the pedestal. These ports allow access to robot network services or add Modbus TCP capabilities.\r\nAccess to the robot's network services can be achieved through these ports. Connecting an Ethernet cable allows sending commands/messages to robot services that are available through this interface. An attacker who successfully starts a connection to the ROS Master service can disable collision avoidance and detection mechanisms. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Baxter",
"robot: Sawyer",
"severity: high",
"state: new",
"vendor: Rethink Robotics",
"vulnerability"
],
"system": "Baxter & Sawyer",
"vendor": "Rethink Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:PI/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:H/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/33"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/33",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}