CVE-2020-10276

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.

9.8 critical severity
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Created
24/06/2020

Operating Systems 10

MI

MIR100 Firmware

by Mobile-Industrial-Robots

3 Versions

4 months ago

MI

MIR200 Firmware

by Mobile-Industrial-Robots

3 Versions

4 months ago

MI

MIR250 Firmware

by Mobile-Industrial-Robots

3 Versions

4 months ago

MI

MIR500 Firmware

by Mobile-Industrial-Robots

3 Versions

4 months ago

MI

MIR1000 Firmware

by Mobile-Industrial-Robots

3 Versions

4 months ago

ER

ER200 Firmware

by Easyrobotics

2 Versions

4 months ago

Er

Er-Lite Firmware

by Easyrobotics

2 Versions

4 months ago

Er

Er-Flex Firmware

by Easyrobotics

2 Versions

4 months ago

Er

Er-One Firmware

by Easyrobotics

2 Versions

4 months ago

UV

UVD Firmware

by Uvd-Robots

1 Version

4 months ago

Vulnerability Categories 1

Use of Hard-coded Credentials

Advisory Links 1

https://github.com/aliasrobotics/RVD/issues/2558

http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.