FKIE_CVE-2020-10270

Vulnerability from fkie_nvd - Published: 2020-06-24 05:15 - Updated: 2024-11-21 04:55
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.
References
cve@aliasrobotics.comhttps://github.com/aliasrobotics/RVD/issues/2557Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/aliasrobotics/RVD/issues/2557Exploit, Third Party Advisory
Impacted products
Vendor Product Version
aliasrobotics mir100_firmware *
aliasrobotics mir100 -
aliasrobotics mir200_firmware *
aliasrobotics mir200 -
aliasrobotics mir250_firmware *
aliasrobotics mir250 -
aliasrobotics mir500_firmware *
aliasrobotics mir500 -
aliasrobotics mir1000_firmware *
aliasrobotics mir1000 -
mobile-industrial-robotics er200_firmware *
mobile-industrial-robotics er200 -
enabled-robotics er-lite_firmware *
enabled-robotics er-lite -
enabled-robotics er-flex_firmware *
enabled-robotics er-flex -
enabled-robotics er-one_firmware *
enabled-robotics er-one -
uvd-robots uvd_robots_firmware *
uvd-robots uvd_robots -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it\u0027s possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000."
    },
    {
      "lang": "es",
      "value": "Fuera de las interfaces cableadas e inal\u00e1mbricas dentro de MiR100, MiR200 y otros veh\u00edculos de MiR fleet, es posible acceder al Panel de Control en una direcci\u00f3n IP embebida. Las credenciales de dicha interfaz inal\u00e1mbrica son predeterminadas para usuarios conocidos y ampliamente difundidos (omitidos) y contrase\u00f1as (omitidas). Esta informaci\u00f3n tambi\u00e9n est\u00e1 disponible en gu\u00edas de usuario y manuales anteriores que el proveedor distribuy\u00f3. Este fallo permite a atacantes cibern\u00e9ticos tomar el control del robot remotamente y hacer uso de las interfaces de usuario predeterminadas que MiR ha creado, reduciendo la complejidad de los ataques y poni\u00e9ndolos a disposici\u00f3n de los atacantes a nivel de entrada. Tambi\u00e9n se pueden establecer ataques m\u00e1s elaborados al borrar la autenticaci\u00f3n y enviar peticiones de red directamente. Hemos confirmado este fallo en MiR100 y MiR200, pero seg\u00fan el proveedor, tambi\u00e9n podr\u00eda aplicarse a MiR250, MiR500 y MiR1000"
    }
  ],
  "id": "CVE-2020-10270",
  "lastModified": "2024-11-21T04:55:06.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cve@aliasrobotics.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-24T05:15:12.753",
  "references": [
    {
      "source": "cve@aliasrobotics.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/2557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/2557"
    }
  ],
  "sourceIdentifier": "cve@aliasrobotics.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "cve@aliasrobotics.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.