RVD#16: Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor

[aliasbot]

{
    "id": 16,
    "title": "RVD#16: Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor",
    "type": "vulnerability",
    "description": "Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor could allow man-in-the-middle attackers to eavesdrop sensitive or security critical communications or affect integrity of sent data.On versions: All versions## Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Cleartext Transmission of Sensitive Information (CWE-319)",
    "cve": "None",
    "keywords": [
        "components software",
        "malformed",
        "robot",
        "robot component: Sawyer Task Editor",
        "robot: Baxter",
        "severity: critical",
        "state: new",
        "vendor: Rethink Robotics",
        "vulnerability"
    ],
    "system": "Baxter/Sawyer Task Editor",
    "vendor": "Rethink Robotics",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:L/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/16"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/16",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

[github-actions]

Feedback (automatically generated):

• FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

[github-actions]

Feedback (automatically generated):

• FIXME: Robot or Robot component not present in summary table or invalid, see for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.