Mobile Industrial Robots Vehicles and MiR Fleet Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Mobile Industrial Robots MiR Equipment: MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet Vulnerabilities: Improper Access Control, Integer Overflow or Wraparound, Exposur...

Default credentials

One of the wireless interfaces within MiR100, MiR200 and possibly according to the vendor other MiR fleet vehicles comes pre-configured in WiFi Master Access Point mode. Credentials to such wireless Access Point default to well known and widely spread SSID MiRRXXXX and passwords omitted. This...

Hardcoded credentials

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

CVE-2020-10269 RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point

One of the wireless interfaces within MiR100, MiR200 and possibly according to the vendor other MiR fleet vehicles comes pre-configured in WiFi Master Access Point mode. Credentials to such wireless Access Point default to well known and widely spread SSID MiRRXXXX and passwords omitted. This...

CVE-2020-10269

CVE-2020-10269 (MiR100/MiR200 and possibly other MiR robots) involves a wireless AP mode with default credentials (MiR_RXXXX) that may be present per vendor guidance. Related disclosures (CVE-2020-10271) describe the Robot Operating System (ROS) computational graph being exposed to all network in...