MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).
References
Link | Resource |
---|---|
https://github.com/aliasrobotics/RVD/issues/2555 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Alias
Published: 2020-06-24T00:00:00
Updated: 2020-06-24T04:40:18
Reserved: 2020-03-10T00:00:00
Link: CVE-2020-10271
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-24T05:15:12.847
Modified: 2020-07-06T15:54:59.680
Link: CVE-2020-10271
JSON object: View
Redhat Information
No data.
CWE