Vulnerabilities > Mobile Industrial Robots
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-10280 | Improper Resource Shutdown or Release vulnerability in multiple products The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. | 5.0 |
| 2020-06-24 | CVE-2020-10277 | There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. | 4.6 |
| 2020-06-24 | CVE-2020-10276 | Use of Hard-coded Credentials vulnerability in multiple products The password for the safety PLC is the default and thus easy to find (in manuals, etc.). | 7.5 |
| 2020-06-24 | CVE-2020-10275 | Inadequate Encryption Strength vulnerability in multiple products The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. | 7.5 |
| 2020-06-24 | CVE-2020-10274 | Use of Insufficiently Random Values vulnerability in multiple products The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). | 5.5 |