RVD#2569: Insecure operating system defaults in MiR robots #2569

Open
rvd-bot opened this issue Jun 24, 2020 · 0 comments

rvd-bot commented Jun 24, 2020

id: 2569
title: 'RVD#2569: Insecure operating system defaults in MiR robots'
type: vulnerability
description: MiR robot controllers (central computation unit) make use of Ubuntu
  16.04.2, an operating system thought for desktop uses. This operating system presents
  insecure defaults for robots. These insecurities include a way for users to escalate
  their access beyond what they were granted via file creation, access race conditions,
  insecure home directory configurations and defaults that facilitate Denial of Service
  (DoS) attacks.
cwe: CWE-276
cve: CVE-2020-10279
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
  ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
  ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
  rvss-score: 7.3
  rvss-vector: RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/S:U/Y:Z/C:H/I:L/A:H/H:U
  severity-description: high
  cvss-score: 10.0
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
links:
- https://cwe.mitre.org/data/definitions/668.html
- https://github.com/aliasrobotics/RVD/issues/2569
flaw:
  phase: runtime-operation
  specificity: general-issue
  architectural-location: application-specific
  application: Ubuntu Linux
  subsystem: N/A
  package: N/A
  languages: N/A
  date-detected: '2020-04-20'
  detected-by: "Victor Mayoral Vilches (Alias Robotics)"
  detected-by-method: testing-dynamic alurity:robo_mir
  date-reported: '2020-06-24'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/2569
  reproducibility: always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null