Open
Description
{
"id": 43,
"title": "RVD#43: Unsecured network and command injection",
"type": "vulnerability",
"description": "Insecure network and command injection, network exposed services are an important attack vector. An attacker with read and write access to an FTP exposed file system can abuse network services to directly control the robot's actions.\r\n Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: IRB140's main computer",
"severity: critical",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "IRB140's main computer",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/43"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/43",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}