{"id": "CVE-2020-10276", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-06-24T05:15:13.270", "references": [{"url": "https://github.com/aliasrobotics/RVD/issues/2558", "tags": ["Third Party Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device."}, {"lang": "es", "value": "La contrase\u00f1a para el PLC de seguridad es la predeterminada y, por lo tanto, f\u00e1cil de encontrar (en manuales, etc.). Esto permite a un programa manipulado ser cargado al PLC de seguridad, deshabilitando efectivamente la parada de emergencia en caso de que un objeto est\u00e9 demasiado cerca del robot. Una navegaci\u00f3n y cualquier otro componente dependiente del esc\u00e1ner l\u00e1ser no est\u00e1n afectados (por lo tanto, es dif\u00edcil de detectar antes de que ocurra algo), aunque la configuraci\u00f3n del esc\u00e1ner l\u00e1ser puede tambi\u00e9n estar afectada alterando a\u00fan m\u00e1s la seguridad del dispositivo"}], "lastModified": "2020-07-06T15:14:44.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C1ED80A-1AE1-4868-AD13-F37079F69B60", "versionEndIncluding": "2.8.1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11F1060F-0F43-4920-A05D-593E784B1A0B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E52858B-51DE-44BC-A4BB-D199F1281D72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B0F7F08-D5D5-4DA8-B2B2-5EA2997AEE3D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F19DD45-1C6E-498C-A961-5EDB4823B12C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44C6FCBE-E111-419E-8F8D-2F4702D821BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C63DB5B-961D-4FDD-AB12-01DC24AFC0B9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2BC5C9E-1AF3-4009-844E-6E64E4D766A8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "171A2B04-114B-4C5F-9F2C-515A1E37F300"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C86EB588-CD48-456B-90C6-C482636508AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:easyrobotics:er200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42AB077F-A829-4A9F-8AFF-CBC9222EAE55"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:easyrobotics:er200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C275F303-4494-4C06-95CC-8969E01F8ADA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:easyrobotics:er-lite_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68599AB3-679D-4E86-B8F4-7939A0373EA2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:easyrobotics:er-lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53543812-4D0D-4191-8B21-803D2F9790B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:easyrobotics:er-flex_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1252DDB6-D090-499B-B505-E17625DB88AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:easyrobotics:er-flex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D84C826-05A4-44A6-BD12-77805A993A5D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:easyrobotics:er-one_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29230027-8A11-48CA-A4E5-63953EB7CAE3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:easyrobotics:er-one:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C7FFA6B9-1A77-4C25-8120-6844B8700527"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:uvd-robots:uvd_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C870ABF-C324-442E-9738-025397CB3C47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:uvd-robots:uvd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87684074-A107-4FE3-A840-C5CB3B8025AC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@aliasrobotics.com"}
