CVE-2020-10273
24.06.2020, 05:15
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.Enginsight
| Vendor | Product | Version |
|---|---|---|
| aliasrobotics | mir100_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir200_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir250_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir500_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir1000_firmware | 𝑥 ≤ 2.8.1.1 |
| mobile-industrial-robotics | er200_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-lite_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-flex_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-one_firmware | 𝑥 ≤ 2.8.1.1 |
| uvd-robots | uvd_robots_firmware | 𝑥 ≤ 2.8.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-311 - Missing Encryption of Sensitive DataThe software does not encrypt sensitive or critical information before storage or transmission.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.