Open
Description
id: 2569
title: 'RVD#2569: Insecure operating system defaults in MiR robots'
type: vulnerability
description: MiR robot controllers (central computation unit) make use of Ubuntu
  16.04.2, an operating system intended for desktop use. This operating system presents
  insecure defaults for robots. These insecurities include a way for users to escalate
  their access beyond what they were granted via file creation, access race conditions,
  insecure home directory configurations and defaults that facilitate Denial of Service
  (DoS) attacks.
cwe: CWE-276
cve: CVE-2020-10279
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
  ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
  ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
  rvss-score: 7.3
  rvss-vector: RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/S:U/Y:Z/C:H/I:L/A:H/H:U
  severity-description: high
  cvss-score: 10.0
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
links:
- https://cwe.mitre.org/data/definitions/668.html
- https://github.com/aliasrobotics/RVD/issues/2569
flaw:
  phase: runtime-operation
  specificity: general-issue
  architectural-location: application-specific
  application: Ubuntu Linux
  subsystem: N/A
  package: N/A
  languages: N/A
  date-detected: '2020-04-20'
  detected-by: "Victor Mayoral Vilches (Alias Robotics)"
  detected-by-method: testing-dynamic alurity:robo_mir
  date-reported: '2020-06-24'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/2569
  reproducibility: always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null