CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS
Metric | Value |
---|---|
Percentile | 74.6% |
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages, which expose the computational graph on all network interfaces, wireless and wired. This is the result of a bad setup and can be mitigated by appropriately configuring ROS and/or applying custom patches. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computational graph can also be fetched and interacted with from wireless networks. This allows a malicious operator to take control of the ROS logic and, correspondingly, the complete robot, given that MiR’s operations are centered around the framework (ROS).
Vendor | Product | Version | CPE |
---|---|---|---|
aliasrobotics | mir100_firmware | * | cpe:2.3:o:aliasrobotics:mir100_firmware:*:*:*:*:*:*:*:* |
aliasrobotics | mir100 | - | cpe:2.3:h:aliasrobotics:mir100:-:*:*:*:*:*:*:* |
aliasrobotics | mir200_firmware | * | cpe:2.3:o:aliasrobotics:mir200_firmware:*:*:*:*:*:*:*:* |
aliasrobotics | mir200 | - | cpe:2.3:h:aliasrobotics:mir200:-:*:*:*:*:*:*:* |
aliasrobotics | mir250_firmware | * | cpe:2.3:o:aliasrobotics:mir250_firmware:*:*:*:*:*:*:*:* |
aliasrobotics | mir250 | - | cpe:2.3:h:aliasrobotics:mir250:-:*:*:*:*:*:*:* |
aliasrobotics | mir500_firmware | * | cpe:2.3:o:aliasrobotics:mir500_firmware:*:*:*:*:*:*:*:* |
aliasrobotics | mir500 | - | cpe:2.3:h:aliasrobotics:mir500:-:*:*:*:*:*:*:* |
aliasrobotics | mir1000_firmware | * | cpe:2.3:o:aliasrobotics:mir1000_firmware:*:*:*:*:*:*:*:* |
aliasrobotics | mir1000 | - | cpe:2.3:h:aliasrobotics:mir1000:-:*:*:*:*:*:*:* |