Vulnerabilities > UVD Robots > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-10279 | Insecure Default Initialization of Resource vulnerability in multiple products MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-1188 critical | 9.8 |
| 2020-06-24 | CVE-2020-10276 | Use of Hard-coded Credentials vulnerability in multiple products The password for the safety PLC is the default and thus easy to find (in manuals, etc.). | 9.8 |
| 2020-06-24 | CVE-2020-10275 | Inadequate Encryption Strength vulnerability in multiple products The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. | 9.8 |
| 2020-06-24 | CVE-2020-10272 | Missing Authentication for Critical Function vulnerability in multiple products MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-306 critical | 9.8 |
| 2020-06-24 | CVE-2020-10271 | Exposure of Resource to Wrong Sphere vulnerability in multiple products MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-668 critical | 9.8 |
| 2020-06-24 | CVE-2020-10270 | Use of Hard-coded Credentials vulnerability in multiple products Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-798 critical | 9.8 |
| 2020-06-24 | CVE-2020-10269 | Use of Hard-coded Credentials vulnerability in multiple products One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-798 critical | 9.8 |