A vulnerability classified as critical was found in Alias Robotics MiR100, MiR200, MiR250, MiR500 and MiR1000. Affected by this vulnerability is an unknown part of the component Computational Graph. The manipulation with an unknown input leads to a missing authentication vulnerability. The CWE definition for the vulnerability is CWE-306. The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire.

The weakness was published 06/24/2020 (GitHub Repository). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2020-10272 since 03/10/2020. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 157196, 157194, 157193 and 157192.

Productinfo

Vendor

• Alias Robotics

Name

• MiR100
• MiR200
• MiR250
• MiR500
• MiR1000

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion