Vulnerabilities > CVE-2020-10279 - Insecure Default Initialization of Resource vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

aliasrobotics

mobile-industrial-robotics

enabled-robotics

uvd-robots

CWE-1188

critical

NVD

Published: 2020-06-24

Updated: 2022-04-25

Summary

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.

Vulnerable Configurations

Part	Description	Count
OS	Aliasrobotics Aliasrobotics Mir100 Firmware - Aliasrobotics Mir100 Firmware 2.8.1.1 Aliasrobotics Mir200 Firmware - Aliasrobotics Mir200 Firmware 2.8.1.1 Aliasrobotics Mir250 Firmware - Aliasrobotics Mir250 Firmware 2.8.1.1 Aliasrobotics Mir500 Firmware - Aliasrobotics Mir500 Firmware 2.8.1.1 Aliasrobotics Mir1000 Firmware - Aliasrobotics Mir1000 Firmware 2.8.1.1	10
OS	Mobile-Industrial-Robotics Mobile Industrial Robotics Er200 Firmware - Mobile Industrial Robotics Er200 Firmware 2.8.1.1	2
OS	Enabled-Robotics Enabled Robotics ER Lite Firmware - Enabled Robotics ER Lite Firmware 2.8.1.1 Enabled Robotics ER Flex Firmware - Enabled Robotics ER Flex Firmware 2.8.1.1 Enabled Robotics ER ONE Firmware - Enabled Robotics ER ONE Firmware 2.8.1.1	6
OS	Uvd-Robots UVD Robots UVD Robots Firmware - UVD Robots UVD Robots Firmware 2.8.1.1	2
Hardware	Aliasrobotics Aliasrobotics Mir100 - Aliasrobotics Mir200 - Aliasrobotics Mir250 - Aliasrobotics Mir500 - Aliasrobotics Mir1000 -	5
Hardware	Mobile-Industrial-Robotics Mobile Industrial Robotics Er200 -	1
Hardware	Enabled-Robotics Enabled Robotics ER Lite - Enabled Robotics ER Flex - Enabled Robotics ER ONE -	3
Hardware	Uvd-Robots UVD Robots UVD Robots -	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://github.com/aliasrobotics/RVD/issues/2569