CVE-2020-10279 CRITICAL

CVE-2020-10279: RVD#2569: Insecure operating system defaults in MiR robots

Vendor Mobile Industrial Robots A/S
Product MiR100
Weakness CWE-276
Published June 24, 2020
Last update September 17, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

What the vulnerability does

01Description

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.

Key dates

02Disclosure timeline

June 24, 2020 CVE published
September 17, 2024 Record updated