{"containers": {"cna": {"affected": [{"product": "MiR100", "vendor": "Mobile Industrial Robots A/S", "versions": [{"status": "affected", "version": "v2.8.1.1 and before"}]}], "credits": [{"lang": "en", "value": "V\u00edctor Mayoral Vilches (Alias Robotics)"}], "datePublic": "2020-06-24T00:00:00", "descriptions": [{"lang": "en", "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-24T04:55:29", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aliasrobotics/RVD/issues/2560"}], "source": {"defect": ["RVD#2560"], "discovery": "EXTERNAL"}, "title": "RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers", "x_generator": {"engine": "Robot Vulnerability Database (RVD)"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-06-24T04:50:51 +00:00", "ID": "CVE-2020-10273", "STATE": "PUBLIC", "TITLE": "RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MiR100", "version": {"version_data": [{"version_value": "v2.8.1.1 and before"}]}}]}, "vendor_name": "Mobile Industrial Robots A/S"}]}}, "credit": [{"lang": "eng", "value": "V\u00edctor Mayoral Vilches (Alias Robotics)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data."}]}, "generator": {"engine": "Robot Vulnerability Database (RVD)"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "high", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-311"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aliasrobotics/RVD/issues/2560", "refsource": "CONFIRM", "url": "https://github.com/aliasrobotics/RVD/issues/2560"}]}, "source": {"defect": ["RVD#2560"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10273", "datePublished": "2020-06-24T00:00:00", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2020-06-24T04:55:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBDEDA2D-26AB-4F23-B672-D0C89A7BEFB9", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0989373-02AB-4E05-BAC2-0522A641D73A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "78E261B1-C56F-4428-9D53-5BBCCACEAFCF", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BF40B1F-0DD2-4B8A-BFBA-A7E641DC3316", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "877EEDC4-E86F-420D-81C6-3F632C787003", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD1AE2A0-D83D-441B-856B-7E6FAB065C0D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "335CA5FE-5AFD-4D49-9A88-1CD71C9281BE", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:*", "matchCriteriaId": "F57611E0-5CB2-40FD-8420-ED13A1C4863F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6865A559-8CA9-4F51-AC43-35BDF5201B91", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "04043B16-E401-4D2C-9812-71923CEA2716", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robotics:er200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "39BD42AA-95E1-4A02-BB9D-C54AE6BAF9B2", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robotics:er200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8A47E5E-7754-47EA-B02D-8A7F54124ED4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enabled-robotics:er-lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF0E5CFB-6C15-4BB1-97D8-DD52F68190DD", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enabled-robotics:er-lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "472A560B-547D-4C9F-BE86-ED602FA32799", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enabled-robotics:er-flex_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5528AFD-75DF-4296-9A29-4BD00AB76273", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enabled-robotics:er-flex:-:*:*:*:*:*:*:*", "matchCriteriaId": "654488E4-161E-40B5-9E0B-BE68F5F38E91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:enabled-robotics:er-one_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD6E62F4-9C15-49AA-BFB7-81443D40B9B9", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:enabled-robotics:er-one:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB77317-78C0-4800-8E1D-498979B6CB06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:uvd-robots:uvd_robots_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7452D74-36A5-4C87-AA20-8E9A80724EAA", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:uvd-robots:uvd_robots:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FD4ACEB-1184-47AB-86E4-732DA183E8AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data."}, {"lang": "es", "value": "Los controladores MiR hasta las versiones de firmware 2.8.1.1 y anteriores, no cifran ni protegen de ninguna manera los artefactos de propiedad intelectual instalados en los robots. Este fallo permite a atacantes con acceso al robot o a la red del robot (en combinaci\u00f3n con otros fallos) recuperar y exfiltrar f\u00e1cilmente toda la propiedad intelectual y los datos instalados"}], "id": "CVE-2020-10273", "lastModified": "2021-12-21T12:43:41.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@aliasrobotics.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-24T05:15:13.020", "references": [{"source": "cve@aliasrobotics.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/aliasrobotics/RVD/issues/2560"}], "sourceIdentifier": "cve@aliasrobotics.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "cve@aliasrobotics.com", "type": "Secondary"}]}

{}