Multiple vulnerabilities in Mobile Industrial Robots Vehicles and MiR Fleet Software
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2017-7184 CVE-2017-18255 CVE-2020-10271 CVE-2020-10272 CVE-2020-10273 CVE-2020-10276 CVE-2020-10277 CVE-2020-10278 CVE-2020-10279 CVE-2020-10280 |
| CWE-ID | CWE-122 CWE-190 CWE-306 CWE-311 CWE-284 CWE-276 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MiR Fleet Hardware solutions / Firmware MiR1000 Hardware solutions / Firmware MiR500 Hardware solutions / Firmware MiR250 Hardware solutions / Firmware MiR200 Hardware solutions / Firmware MiR100 Hardware solutions / Firmware |
| Vendor | Mobile Industrial Robots |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU6184
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7184
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system with escalated privileges.
The vulnerability exists due to boundary error in xfrm_replay_verify_len() function in net/xfrm/xfrm_user.c in Linux kernel when validating data after an XFRM_MSG_NEWAE update. A local use can trigger heap-based buffer overflow by leveraging the CAP_NET_ADMIN capability and execute arbitrary code on the target system with root privileges.
Successful exploitation of this vulnerability may allow an attacker to compromise vulnerable system.
This vulnerability was demonstrated during the Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU11519
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18255
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to improper validation of the input value from userspace when using the perf_cpu_time_max_percent_handler function, as defined in the kernel/events/core.c source code file. A local attacker can send specially crafted input that contains large values, trigger integer overflow and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU57186
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10271
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to two APIs to the Robot Operating System (ROS) used in MiR robots are accessible from both wired and wireless network interfaces. A remote attacker can control of the robot, cause a denial of service (DoS) condition and exfiltrate data over the web interface.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://github.com/aliasrobotics/RVD/issues/2555
http://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Missing Authentication for Critical Function
EUVDB-ID: #VU57187
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10272
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to Robot Operating System (ROS) default packages are used, which expose the computational graph without any authentication. A remote attacker on the local network can take control of the robot.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2554
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Missing Encryption of Sensitive Data
EUVDB-ID: #VU57188
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10273
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing encryption of sensitive data. A local attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2560
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU57189
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10276
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to MiR robots shipped before June 2020 had default passwords set for the SICK safety PLC. A remote attacker on the local network can use the default credentials to manipulate the safety PLC, effectively disabling the emergency stop function.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2558
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU57190
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10277
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the ability to boot from USB is an insecure default configuration that is changeable by integrators. An attacker with physical access can abuse this functionality to manipulate or exfiltrate data stored on the robot’s hard drive.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2562
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper access control
EUVDB-ID: #VU57191
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10278
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an attacker with physical access to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the lack of a BIOS password is an insecure default configuration, changeable by integrators.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2561
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Incorrect default permissions
EUVDB-ID: #VU57192
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10279
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions. A local attacker with access to the robot operating system (ROS) can perform privilege escalation or cause denial-of-service.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2569
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU57193
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10280
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Apache server. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsMiR Fleet: before 2.10.2.1
MiR1000: before 2.10.2.1
MiR500: before 2.10.2.1
MiR250: before 2.10.2.1
MiR200: before 2.10.2.1
MiR100: before 2.10.2.1
External linkshttp://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
http://github.com/aliasrobotics/RVD/issues/2568
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
