CVE-2020-10279

EPSS 0.29%
Published 24.06.2020 06:15:11
Last modified 21.11.2024 04:55:07
Source cve@aliasrobotics.com
Teams watchlist Login
Open Login

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.

Affected products Warnungen 0 Metrics 4 CWE 3 References 4

Data is provided by the National Vulnerability Database (NVD)

Aliasrobotics ≫ Mir100 Firmware Version <= 2.8.1.1

Aliasrobotics ≫ Mir100 Version-

Aliasrobotics ≫ Mir200 Firmware Version <= 2.8.1.1

Aliasrobotics ≫ Mir200 Version-

Aliasrobotics ≫ Mir250 Firmware Version <= 2.8.1.1

Aliasrobotics ≫ Mir250 Version-

Aliasrobotics ≫ Mir500 Firmware Version <= 2.8.1.1

Aliasrobotics ≫ Mir500 Version-

Aliasrobotics ≫ Mir1000 Firmware Version <= 2.8.1.1

Aliasrobotics ≫ Mir1000 Version-

Mobile-industrial-robotics ≫ Er200 Firmware Version <= 2.8.1.1

Mobile-industrial-robotics ≫ Er200 Version-

Enabled-robotics ≫ Er-lite Firmware Version <= 2.8.1.1

Enabled-robotics ≫ Er-lite Version-

Enabled-robotics ≫ Er-flex Firmware Version <= 2.8.1.1

Enabled-robotics ≫ Er-flex Version-

Enabled-robotics ≫ Er-one Firmware Version <= 2.8.1.1

Enabled-robotics ≫ Er-one Version-

Uvd-robots ≫ Uvd Robots Firmware Version <= 2.8.1.1

Uvd-robots ≫ Uvd Robots Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.492

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@aliasrobotics.com	10	3.9	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://github.com/aliasrobotics/RVD/issues/2569

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-10279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10279

EUVD