FKIE_CVE-2020-10273

Vulnerability from fkie_nvd - Published: 2020-06-24 05:15 - Updated: 2024-11-21 04:55
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.
References
cve@aliasrobotics.comhttps://github.com/aliasrobotics/RVD/issues/2560Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/aliasrobotics/RVD/issues/2560Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
aliasrobotics mir100_firmware *
aliasrobotics mir100 -
aliasrobotics mir200_firmware *
aliasrobotics mir200 -
aliasrobotics mir250_firmware *
aliasrobotics mir250 -
aliasrobotics mir500_firmware *
aliasrobotics mir500 -
aliasrobotics mir1000_firmware *
aliasrobotics mir1000 -
mobile-industrial-robotics er200_firmware *
mobile-industrial-robotics er200 -
enabled-robotics er-lite_firmware *
enabled-robotics er-lite -
enabled-robotics er-flex_firmware *
enabled-robotics er-flex -
enabled-robotics er-one_firmware *
enabled-robotics er-one -
uvd-robots uvd_robots_firmware *
uvd-robots uvd_robots -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data."
    },
    {
      "lang": "es",
      "value": "Los controladores MiR hasta las versiones de firmware 2.8.1.1 y anteriores, no cifran ni protegen de ninguna manera los artefactos de propiedad intelectual instalados en los robots. Este fallo permite a atacantes con acceso al robot o a la red del robot (en combinaci\u00f3n con otros fallos) recuperar y exfiltrar f\u00e1cilmente toda la propiedad intelectual y los datos instalados"
    }
  ],
  "id": "CVE-2020-10273",
  "lastModified": "2024-11-21T04:55:06.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve@aliasrobotics.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-24T05:15:13.020",
  "references": [
    {
      "source": "cve@aliasrobotics.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/2560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aliasrobotics/RVD/issues/2560"
    }
  ],
  "sourceIdentifier": "cve@aliasrobotics.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "cve@aliasrobotics.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.