Mobile Industrial Robots Vehicles and MiR Fleet Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Mobile Industrial Robots MiR Equipment: MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet Vulnerabilities: Improper Access Control, Integer Overflow or Wraparound, Exposur...

Default credentials

One of the wireless interfaces within MiR100, MiR200 and possibly according to the vendor other MiR fleet vehicles comes pre-configured in WiFi Master Access Point mode. Credentials to such wireless Access Point default to well known and widely spread SSID MiRRXXXX and passwords omitted. This...

CVE-2020-10269

CVE-2020-10269 (MiR100/MiR200 and possibly other MiR robots) involves a wireless AP mode with default credentials (MiR_RXXXX) that may be present per vendor guidance. Related disclosures (CVE-2020-10271) describe the Robot Operating System (ROS) computational graph being exposed to all network in...

CVE-2020-10269 RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point

One of the wireless interfaces within MiR100, MiR200 and possibly according to the vendor other MiR fleet vehicles comes pre-configured in WiFi Master Access Point mode. Credentials to such wireless Access Point default to well known and widely spread SSID MiRRXXXX and passwords omitted. This...

CVE-2020-10272

CVE-2020-10272 affects MiR100, MiR200 and other MiR robots using ROS default packages that expose the computational graph without authentication. This allows attackers with access to internal networks to take control of the robot. The issue is part of a multi-vulnerability stack (alongside CVE-20...