9.8
CVE-2020-10276
- EPSS 0.36%
- Published 24.06.2020 05:15:13
- Last modified 21.11.2024 04:55:07
- Source cve@aliasrobotics.com
- Teams watchlist Login
- Open Login
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.
Data is provided by the National Vulnerability Database (NVD)
Mobile-industrial-robots ≫ Mir100 Firmware Version <= 2.8.1.1
Mobile-industrial-robots ≫ Mir200 Firmware Version-
Mobile-industrial-robots ≫ Mir250 Firmware Version-
Mobile-industrial-robots ≫ Mir500 Firmware Version-
Mobile-industrial-robots ≫ Mir1000 Firmware Version-
Easyrobotics ≫ Er200 Firmware Version-
Easyrobotics ≫ Er-lite Firmware Version-
Easyrobotics ≫ Er-flex Firmware Version-
Easyrobotics ≫ Er-one Firmware Version-
Uvd-robots ≫ Uvd Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.554 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| cve@aliasrobotics.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.