ID

VAR-202006-0266


CVE

CVE-2020-10270


TITLE

Vulnerability in the use of hard-coded credentials in multiple MiR products

Trust: 0.8

sources: JVNDB: JVNDB-2020-007377

DESCRIPTION

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well-known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborate attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.

Multiple MiR products contain a vulnerability in the use of hard-coded credentials. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.

Trust: 1.62

sources: NVD: CVE-2020-10270 // JVNDB: JVNDB-2020-007377

IOT TAXONOMY

category: ['industrial device'], sub_category: robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: aliasrobotics, model: mir250, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-flex, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir500, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir100, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-lite, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir200, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: aliasrobotics, model: mir1000, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: enabled robotics, model: er-one, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: mobile industrial robotics, model: er200, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: uvd robots, model: uvd robots, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: easyrobotics, model: er-flex, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-lite, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-one, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir100, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir1000, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir250, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir500, scope: -, version: -

Trust: 0.8

vendor: uvd robots, model: uvd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-007377 // NVD: CVE-2020-10270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10270
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10270
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007377
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202006-1665
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007377
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10270
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10270
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007377
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007377 // CNNVD: CNNVD-202006-1665 // NVD: CVE-2020-10270 // NVD: CVE-2020-10270

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2020-007377 // NVD: CVE-2020-10270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1665

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1665

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007377

PATCH

title: Top Page, url: https://www.easyrobotics.biz/

Trust: 0.8

title: Top Page, url: https://www.mobile-industrial-robots.com/en/

Trust: 0.8

title: Top Page, url: http://www.uvd-robots.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007377

EXTERNAL IDS

db: NVD, id: CVE-2020-10270

Trust: 2.5

db: JVNDB, id: JVNDB-2020-007377

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1665

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007377 // CNNVD: CNNVD-202006-1665 // NVD: CVE-2020-10270

REFERENCES

url:https://github.com/aliasrobotics/rvd/issues/2557

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10270

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10270

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007377 // CNNVD: CNNVD-202006-1665 // NVD: CVE-2020-10270

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2020-007377
db: CNNVD, id: CNNVD-202006-1665
db: NVD, id: CVE-2020-10270

LAST UPDATE DATE

2025-01-30T22:22:35.714000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-007377, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1665, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-10270, date: 2024-11-21T04:55:06.397

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-007377, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1665, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-10270, date: 2020-06-24T05:15:12.753