Lucene search

[email protected]NVD:CVE-2020-10274

HistoryJun 24, 2020 - 5:15 a.m.

CVE-2020-10274

2020-06-2405:15:13

CWE-200

CWE-330

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.007

Percentile

79.7%

JSON

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot’s database.

Affected configurations

Nvd

Node

mobile-industrial-robotsmir100_firmwareRange≤2.8.1.1

AND

mobile-industrial-robotsmir100Match-

Node

mobile-industrial-robotsmir200_firmwareMatch-

AND

mobile-industrial-robotsmir200Match-

Node

mobile-industrial-robotsmir250_firmwareMatch-

AND

mobile-industrial-robotsmir250Match-

Node

mobile-industrial-robotsmir500_firmwareMatch-

AND

mobile-industrial-robotsmir500Match-

Node

mobile-industrial-robotsmir1000_firmwareMatch-

AND

mobile-industrial-robotsmir1000Match-

Node

easyroboticser200_firmwareMatch-

AND

easyroboticser200Match-

Node

easyroboticser-lite_firmwareMatch-

AND

easyroboticser-liteMatch-

Node

easyroboticser-flex_firmwareMatch-

AND

easyroboticser-flexMatch-

Node

easyroboticser-one_firmwareMatch-

AND

easyroboticser-oneMatch-

Node

uvd-robotsuvd_firmwareMatch-

AND

uvd-robotsuvdMatch-

VendorProductVersionCPE
mobile-industrial-robotsmir100_firmware*cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*
mobile-industrial-robotsmir100-cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir200_firmware-cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir200-cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir250_firmware-cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir250-cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir500_firmware-cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir500-cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir1000_firmware-cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*
mobile-industrial-robotsmir1000-cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mobile-industrial-robots	mir100_firmware	*	cpe:2.3:o:mobile-industrial-robots:mir100_firmware::::::::
mobile-industrial-robots	mir100	-	cpe:2.3:h:mobile-industrial-robots:mir100:-:::::::*
mobile-industrial-robots	mir200_firmware	-	cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:::::::*
mobile-industrial-robots	mir200	-	cpe:2.3:h:mobile-industrial-robots:mir200:-:::::::*
mobile-industrial-robots	mir250_firmware	-	cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:::::::*
mobile-industrial-robots	mir250	-	cpe:2.3:h:mobile-industrial-robots:mir250:-:::::::*
mobile-industrial-robots	mir500_firmware	-	cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:::::::*
mobile-industrial-robots	mir500	-	cpe:2.3:h:mobile-industrial-robots:mir500:-:::::::*
mobile-industrial-robots	mir1000_firmware	-	cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:::::::*
mobile-industrial-robots	mir1000	-	cpe:2.3:h:mobile-industrial-robots:mir1000:-:::::::*

Rows per page:

1-10 of 201

References

github.com/aliasrobotics/RVD/issues/2556

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.007

Percentile

79.7%

JSON

Related for NVD:CVE-2020-10274

prion3 cvelist3 cve3 nvd2 ics1