cve-2020-10273
Vulnerability from cvelistv5
Published
2020-06-24 04:55
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
References
▼ | URL | Tags | |
---|---|---|---|
cve@aliasrobotics.com | https://github.com/aliasrobotics/RVD/issues/2560 | Issue Tracking, Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Mobile Industrial Robots A/S | MiR100 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:58:40.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/aliasrobotics/RVD/issues/2560" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MiR100", "vendor": "Mobile Industrial Robots A/S", "versions": [ { "status": "affected", "version": "v2.8.1.1 and before" } ] } ], "credits": [ { "lang": "en", "value": "V\u00edctor Mayoral Vilches (Alias Robotics)" } ], "datePublic": "2020-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-311", "description": "CWE-311", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-24T04:55:29", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/aliasrobotics/RVD/issues/2560" } ], "source": { "defect": [ "RVD#2560" ], "discovery": "EXTERNAL" }, "title": "RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers", "x_generator": { "engine": "Robot Vulnerability Database (RVD)" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-06-24T04:50:51 +00:00", "ID": "CVE-2020-10273", "STATE": "PUBLIC", "TITLE": "RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MiR100", "version": { "version_data": [ { "version_value": "v2.8.1.1 and before" } ] } } ] }, "vendor_name": "Mobile Industrial Robots A/S" } ] } }, "credit": [ { "lang": "eng", "value": "V\u00edctor Mayoral Vilches (Alias Robotics)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data." } ] }, "generator": { "engine": "Robot Vulnerability Database (RVD)" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "high", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-311" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aliasrobotics/RVD/issues/2560", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/2560" } ] }, "source": { "defect": [ "RVD#2560" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10273", "datePublished": "2020-06-24T04:55:29.526675Z", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2024-09-16T21:07:55.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-10273\",\"sourceIdentifier\":\"cve@aliasrobotics.com\",\"published\":\"2020-06-24T05:15:13.020\",\"lastModified\":\"2021-12-21T12:43:41.733\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.\"},{\"lang\":\"es\",\"value\":\"Los controladores MiR hasta las versiones de firmware 2.8.1.1 y anteriores, no cifran ni protegen de ninguna manera los artefactos de propiedad intelectual instalados en los robots. Este fallo permite a atacantes con acceso al robot o a la red del robot (en combinaci\u00f3n con otros fallos) recuperar y exfiltrar f\u00e1cilmente toda la propiedad intelectual y los datos instalados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"cve@aliasrobotics.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]},{\"source\":\"cve@aliasrobotics.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0989373-02AB-4E05-BAC2-0522A641D73A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"78E261B1-C56F-4428-9D53-5BBCCACEAFCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"877EEDC4-E86F-420D-81C6-3F632C787003\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1AE2A0-D83D-441B-856B-7E6FAB065C0D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"335CA5FE-5AFD-4D49-9A88-1CD71C9281BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F57611E0-5CB2-40FD-8420-ED13A1C4863F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"6865A559-8CA9-4F51-AC43-35BDF5201B91\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04043B16-E401-4D2C-9812-71923CEA2716\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A47E5E-7754-47EA-B02D-8A7F54124ED4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"472A560B-547D-4C9F-BE86-ED602FA32799\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"D5528AFD-75DF-4296-9A29-4BD00AB76273\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"654488E4-161E-40B5-9E0B-BE68F5F38E91\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"CD6E62F4-9C15-49AA-BFB7-81443D40B9B9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB77317-78C0-4800-8E1D-498979B6CB06\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.1.1\",\"matchCriteriaId\":\"A7452D74-36A5-4C87-AA20-8E9A80724EAA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD4ACEB-1184-47AB-86E4-732DA183E8AE\"}]}]}],\"references\":[{\"url\":\"https://github.com/aliasrobotics/RVD/issues/2560\",\"source\":\"cve@aliasrobotics.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.