7.5

CVE-2020-10273

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.

Data is provided by the National Vulnerability Database (NVD)
AliasroboticsMir100 Firmware Version <= 2.8.1.1
   AliasroboticsMir100 Version-
AliasroboticsMir200 Firmware Version <= 2.8.1.1
   AliasroboticsMir200 Version-
AliasroboticsMir250 Firmware Version <= 2.8.1.1
   AliasroboticsMir250 Version-
AliasroboticsMir500 Firmware Version <= 2.8.1.1
   AliasroboticsMir500 Version-
AliasroboticsMir1000 Firmware Version <= 2.8.1.1
   AliasroboticsMir1000 Version-
Enabled-roboticsEr-lite Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-lite Version-
Enabled-roboticsEr-flex Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-flex Version-
Enabled-roboticsEr-one Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-one Version-
Uvd-robotsUvd Robots Firmware Version <= 2.8.1.1
   Uvd-robotsUvd Robots Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.283
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@aliasrobotics.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/aliasrobotics/RVD/issues/2560
Third Party Advisory
Issue Tracking