Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-24	CVE-2020-10280	Improper Resource Shutdown or Release vulnerability in multiple products The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. network low complexity mobile-industrial-robots easyrobotics uvd-robots CWE-404	5.0
2020-06-24	CVE-2020-10278	Improper Authentication vulnerability in multiple products The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-287	5.0
2020-06-24	CVE-2020-10277	There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine. local low complexity mobile-industrial-robots easyrobotics uvd-robots	4.6
2020-06-24	CVE-2020-10274	Use of Insufficiently Random Values vulnerability in multiple products The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). network low complexity mobile-industrial-robots easyrobotics uvd-robots CWE-330	5.5
2020-06-24	CVE-2020-10273	Cleartext Storage of Sensitive Information vulnerability in multiple products MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-312	5.0
2020-06-24	CVE-2020-10271	Exposure of Resource to Wrong Sphere vulnerability in multiple products MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-668	5.0
2020-06-24	CVE-2020-10270	Use of Hard-coded Credentials vulnerability in multiple products Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-798	5.0
2020-06-24	CVE-2020-10269	Use of Hard-coded Credentials vulnerability in multiple products One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. network low complexity aliasrobotics mobile-industrial-robotics enabled-robotics uvd-robots CWE-798	5.0