MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages, which expose the computational graph on all network interfaces, wireless and wired. This is the result of a bad setup and can be mitigated by appropriately configuring ROS and/or applying custom patches. Currently, the ROS computational graph can be accessed fully from the exposed wired ports. In combination with other flaws such as CVE-2020-10269, the computational graph can also be fetched and interacted with from wireless networks. This allows a malicious operator to take control of the ROS logic and, correspondingly, of the complete robot, given that MiR's operations are centered around the framework (ROS).
Vulnerable Product |
---|
aliasrobotics mir100 firmware |
aliasrobotics mir200 firmware |
aliasrobotics mir250 firmware |
aliasrobotics mir500 firmware |
aliasrobotics mir1000 firmware |
mobile-industrial-robotics er200 firmware |
enabled-robotics er-lite firmware |
enabled-robotics er-flex firmware |
enabled-robotics er-one firmware |
uvd-robots uvd robots firmware |