CVE-2020-10279
24.06.2020, 06:15
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
| Vendor | Product | Version |
|---|---|---|
| aliasrobotics | mir100_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir200_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir250_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir500_firmware | 𝑥 ≤ 2.8.1.1 |
| aliasrobotics | mir1000_firmware | 𝑥 ≤ 2.8.1.1 |
| mobile-industrial-robotics | er200_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-lite_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-flex_firmware | 𝑥 ≤ 2.8.1.1 |
| enabled-robotics | er-one_firmware | 𝑥 ≤ 2.8.1.1 |
| uvd-robots | uvd_robots_firmware | 𝑥 ≤ 2.8.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.