#VU57186 Exposure of Resource to Wrong Sphere in Mobile Industrial Robots products - CVE-2020-10271
Published: October 11, 2021
Vulnerability identifier: #VU57186
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-10271
CWE-ID:
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
MiR100
MiR200
MiR250
MiR500
MiR1000
MiR Fleet
MiR100
MiR200
MiR250
MiR500
MiR1000
MiR Fleet
Software vendor:
Mobile Industrial Robots
Mobile Industrial Robots
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to two APIs to the Robot Operating System (ROS) used in MiR robots are accessible from both wired and wireless network interfaces. A remote attacker can control of the robot, cause a denial of service (DoS) condition and exfiltrate data over the web interface.
Remediation
Install updates from vendor's website.