MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAliasrobotics Mir100
HWAliasroboticswszystkie wersjeAliasrobotics Mir1000
HWAliasroboticswszystkie wersjeAliasrobotics Mir1000 Firmware
OSAliasrobotics≤ 2.8.1.1Aliasrobotics Mir100 Firmware
OSAliasrobotics≤ 2.8.1.1Aliasrobotics Mir200
HWAliasroboticswszystkie wersjeAliasrobotics Mir200 Firmware
OSAliasrobotics≤ 2.8.1.1Aliasrobotics Mir250
HWAliasroboticswszystkie wersjeAliasrobotics Mir250 Firmware
OSAliasrobotics≤ 2.8.1.1Aliasrobotics Mir500
HWAliasroboticswszystkie wersjeAliasrobotics Mir500 Firmware
OSAliasrobotics≤ 2.8.1.1Enabled Robotics Er Flex
HWEnabled-Roboticswszystkie wersjeEnabled Robotics Er Flex Firmware
OSEnabled-Robotics≤ 2.8.1.1Enabled Robotics Er Lite
HWEnabled-Roboticswszystkie wersjeEnabled Robotics Er Lite Firmware
OSEnabled-Robotics≤ 2.8.1.1Enabled Robotics Er One
HWEnabled-Roboticswszystkie wersjeEnabled Robotics Er One Firmware
OSEnabled-Robotics≤ 2.8.1.1Mobile Industrial Robotics Er200
HWMobile-Industrial-Roboticswszystkie wersjeMobile Industrial Robotics Er200 Firmware
OSMobile-Industrial-Robotics≤ 2.8.1.1Uvd Robots
HWUvd-Robotswszystkie wersjeUvd Robots Firmware
OSUvd-Robots≤ 2.8.1.1
Related vulnerabilities
One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet ve...
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's pos...
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computa...
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for ...
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellect...