CVE-2020-10276

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mobile-industrial-robots:mir100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mobile-industrial-robots:mir200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mobile-industrial-robots:mir250:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mobile-industrial-robots:mir1000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:easyrobotics:er200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:easyrobotics:er200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:easyrobotics:er-lite_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:easyrobotics:er-lite:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:easyrobotics:er-flex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:easyrobotics:er-flex:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:easyrobotics:er-one_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:easyrobotics:er-one:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:uvd-robots:uvd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:uvd-robots:uvd:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:55

Type Values Removed Values Added
References () https://github.com/aliasrobotics/RVD/issues/2558 - Third Party Advisory () https://github.com/aliasrobotics/RVD/issues/2558 - Third Party Advisory

Information

Published : 2020-06-24 05:15

Updated : 2024-11-21 04:55


NVD link : CVE-2020-10276

Mitre link : CVE-2020-10276

CVE.ORG link : CVE-2020-10276


JSON object : View

Products Affected

easyrobotics

  • er-one_firmware
  • er-flex
  • er200_firmware
  • er200
  • er-lite_firmware
  • er-lite
  • er-one
  • er-flex_firmware

mobile-industrial-robots

  • mir1000_firmware
  • mir250_firmware
  • mir500_firmware
  • mir200
  • mir250
  • mir100_firmware
  • mir1000
  • mir100
  • mir500
  • mir200_firmware

uvd-robots

  • uvd_firmware
  • uvd
CWE
CWE-798

Use of Hard-coded Credentials