Exposure of Resource to Wrong Sphere in Mobile Industrial Robots products - CVE-2020-10271
Published: October 11, 2021
Vulnerability identifier: #VU57186
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-10271
CWE-ID:
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mobile Industrial Robots
Affected software:
MiR100
MiR200
MiR250
MiR500
MiR1000
MiR Fleet
MiR100
MiR200
MiR250
MiR500
MiR1000
MiR Fleet
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to two APIs to the Robot Operating System (ROS) used in MiR robots are accessible from both wired and wireless network interfaces. A remote attacker can control of the robot, cause a denial of service (DoS) condition and exfiltrate data over the web interface.
How to mitigate CVE-2020-10271
Install updates from vendor's website.