ID

VAR-202006-0272


CVE

CVE-2020-10276


TITLE

Vulnerability in using hard-coded credentials in multiple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-007371

DESCRIPTION

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens), though the laser scanner configuration can also be affected, further altering the safety of the device. Several products contain vulnerabilities in the use of hard-coded credentials. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-10276 // JVNDB: JVNDB-2020-007371

IOT TAXONOMY

category: ['industrial device'], sub_category: robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: uvd robots, model: uvd, scope: eq, version: -

Trust: 1.0

vendor: easyrobotics, model: er-flex, scope: eq, version: -

Trust: 1.0

vendor: mobile industrial robots, model: mir250, scope: eq, version: -

Trust: 1.0

vendor: easyrobotics, model: er200, scope: eq, version: -

Trust: 1.0

vendor: mobile industrial robots, model: mir500, scope: eq, version: -

Trust: 1.0

vendor: mobile industrial robots, model: mir200, scope: eq, version: -

Trust: 1.0

vendor: easyrobotics, model: er-one, scope: eq, version: -

Trust: 1.0

vendor: mobile industrial robots, model: mir100, scope: lte, version: 2.8.1.1

Trust: 1.0

vendor: mobile industrial robots, model: mir1000, scope: eq, version: -

Trust: 1.0

vendor: easyrobotics, model: er-lite, scope: eq, version: -

Trust: 1.0

vendor: easyrobotics, model: er-flex, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-lite, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er-one, scope: -, version: -

Trust: 0.8

vendor: easyrobotics, model: er200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir100, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir1000, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir200, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir250, scope: -, version: -

Trust: 0.8

vendor: mobile industrial robots a s, model: mir500, scope: -, version: -

Trust: 0.8

vendor: uvd robots, model: uvd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-007371 // NVD: CVE-2020-10276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10276
value: CRITICAL

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10276
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007371
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202006-1666
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10276
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007371
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-10276
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@aliasrobotics.com: CVE-2020-10276
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007371
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007371 // CNNVD: CNNVD-202006-1666 // NVD: CVE-2020-10276 // NVD: CVE-2020-10276

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2020-007371 // NVD: CVE-2020-10276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1666

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-1666

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007371

PATCH

title: Top Page, url: https://www.easyrobotics.biz/

Trust: 0.8

title: Top Page, url: https://www.mobile-industrial-robots.com/en/

Trust: 0.8

title: Top Page, url: http://www.uvd-robots.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007371

EXTERNAL IDS

db: NVD, id: CVE-2020-10276

Trust: 2.5

db: JVNDB, id: JVNDB-2020-007371

Trust: 0.8

db: AUSCERT, id: ESB-2021.3344

Trust: 0.6

db: CS-HELP, id: SB2021101107

Trust: 0.6

db: ICS CERT, id: ICSA-21-280-02

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1666

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007371 // CNNVD: CNNVD-202006-1666 // NVD: CVE-2020-10276

REFERENCES

url:https://github.com/aliasrobotics/rvd/issues/2558

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10276

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10276

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101107

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3344

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2020-007371 // CNNVD: CNNVD-202006-1666 // NVD: CVE-2020-10276

CREDITS

Victor Mayoral Vilches of Alias Robotics reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202006-1666

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2020-007371
db: CNNVD, id: CNNVD-202006-1666
db: NVD, id: CVE-2020-10276

LAST UPDATE DATE

2025-01-30T21:54:04.470000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-007371, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1666, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2020-10276, date: 2024-11-21T04:55:07.250

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-007371, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1666, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-10276, date: 2020-06-24T05:15:13.270