ID

VAR-202006-0259


CVE

CVE-2020-10279


TITLE

Improper default permissions vulnerability in MiR robot controllers

Trust: 0.8

sources: JVNDB: JVNDB-2020-007373

DESCRIPTION

MiR robot controllers (central computation unit) make use of Ubuntu 16.04.2 as an operating system. Designed for desktop use, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. The MiR robot controller contains a vulnerability regarding improper default permissions. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-10279 // JVNDB: JVNDB-2020-007373

IOT TAXONOMY

category: ['industrial device'], sub_category: robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: aliasrobotics, model: mir250, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-flex, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir500, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir100, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-lite, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir200, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir1000, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-one, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: mobile industrial robotics, model: er200, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: uvd robots, model: uvd robots, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: easyrobotics, model: er-flex, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-lite, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-one, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir100, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir1000, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir250, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir500, scope: -, version: -

Trust: 0.8

vendor: uvd robots, model: uvd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-007373 // NVD: CVE-2020-10279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10279
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10279
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007373
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202006-1675
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10279
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007373
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10279
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10279
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007373
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007373 // CNNVD: CNNVD-202006-1675 // NVD: CVE-2020-10279 // NVD: CVE-2020-10279

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.8

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-1188

Trust: 1.0

sources: JVNDB: JVNDB-2020-007373 // NVD: CVE-2020-10279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1675

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1675

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007373

PATCH

title: Top Page, url: https://www.easyrobotics.biz/

Trust: 0.8

title: Top Page, url: https://www.mobile-industrial-robots.com/en/

Trust: 0.8

title: Top Page, url: http://www.uvd-robots.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007373

EXTERNAL IDS

db: NVD, id: CVE-2020-10279

Trust: 2.5

db: JVNDB, id: JVNDB-2020-007373

Trust: 0.8

db: CS-HELP, id: SB2021101107

Trust: 0.6

db: AUSCERT, id: ESB-2021.3344

Trust: 0.6

db: ICS CERT, id: ICSA-21-280-02

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1675

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007373 // CNNVD: CNNVD-202006-1675 // NVD: CVE-2020-10279

REFERENCES

url:https://github.com/aliasrobotics/rvd/issues/2569

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10279

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10279

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101107

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3344

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007373 // CNNVD: CNNVD-202006-1675 // NVD: CVE-2020-10279

CREDITS

Victor Mayoral Vilches of Alias Robotics reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202006-1675

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2020-007373
db: CNNVD, id: CNNVD-202006-1675
db: NVD, id: CVE-2020-10279

LAST UPDATE DATE

2025-01-30T21:13:43.732000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-007373, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1675, date: 2022-04-26T00:00:00
db: NVD, id: CVE-2020-10279, date: 2024-11-21T04:55:07.650

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-007373, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1675, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-10279, date: 2020-06-24T06:15:11.543