CVE-2020-10271 Information

Description

MiR100 MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269 the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly the complete robot given that MiR’s operations are centered around the framework (ROS).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/aliasrobotics/RVD/issues/2555

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8