6.1

CVE-2020-10278

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.

Data is provided by the National Vulnerability Database (NVD)
AliasroboticsMir100 Firmware Version <= 2.8.1.1
   AliasroboticsMir100 Version-
AliasroboticsMir200 Firmware Version <= 2.8.1.1
   AliasroboticsMir200 Version-
AliasroboticsMir250 Firmware Version <= 2.8.1.1
   AliasroboticsMir250 Version-
AliasroboticsMir500 Firmware Version <= 2.8.1.1
   AliasroboticsMir500 Version-
AliasroboticsMir1000 Firmware Version <= 2.8.1.1
   AliasroboticsMir1000 Version-
Enabled-roboticsEr-lite Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-lite Version-
Enabled-roboticsEr-flex Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-flex Version-
Enabled-roboticsEr-one Firmware Version <= 2.8.1.1
   Enabled-roboticsEr-one Version-
Uvd-robotsUvd Robots Firmware Version <= 2.8.1.1
   Uvd-robotsUvd Robots Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.419
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
cve@aliasrobotics.com 6.1 0.9 4.7
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.