Vulnerabilities > UVD Robots > UVD Robots Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-10278 | Improper Authentication vulnerability in multiple products The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. | 5.0 |
| 2020-06-24 | CVE-2020-10273 | Cleartext Storage of Sensitive Information vulnerability in multiple products MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. | 5.0 |
| 2020-06-24 | CVE-2020-10271 | Exposure of Resource to Wrong Sphere vulnerability in multiple products MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. | 5.0 |
| 2020-06-24 | CVE-2020-10270 | Use of Hard-coded Credentials vulnerability in multiple products Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. | 5.0 |
| 2020-06-24 | CVE-2020-10269 | Use of Hard-coded Credentials vulnerability in multiple products One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. | 5.0 |