CVE-2020-10273 — HIGH (7.5)

Q: How severe is CVE-2020-10273?

CVE-2020-10273 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-10273?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.

Vulnerability Description

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Aliasrobotics	Mir100 Firmware	<= 2.8.1.1
Aliasrobotics	Mir100	-
Aliasrobotics	Mir200 Firmware	<= 2.8.1.1
Aliasrobotics	Mir200	-
Aliasrobotics	Mir250 Firmware	<= 2.8.1.1
Aliasrobotics	Mir250	-
Aliasrobotics	Mir500 Firmware	<= 2.8.1.1
Aliasrobotics	Mir500	-
Aliasrobotics	Mir1000 Firmware	<= 2.8.1.1
Aliasrobotics	Mir1000	-
Mobile-Industrial-Robotics	Er200 Firmware	<= 2.8.1.1
Mobile-Industrial-Robotics	Er200	-
Enabled-Robotics	Er-Lite Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Lite	-
Enabled-Robotics	Er-Flex Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Flex	-
Enabled-Robotics	Er-One Firmware	<= 2.8.1.1
Enabled-Robotics	Er-One	-
Uvd-Robots	Uvd Robots Firmware	<= 2.8.1.1
Uvd-Robots	Uvd Robots	-

Related Weaknesses (CWE)

CWE-312 CWE-311

References

https://github.com/aliasrobotics/RVD/issues/2560Issue TrackingThird Party Advisory
https://github.com/aliasrobotics/RVD/issues/2560Issue TrackingThird Party Advisory

FAQ

What is CVE-2020-10273?

CVE-2020-10273 is a vulnerability with a CVSS score of 7.5 (HIGH). MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to ...

How severe is CVE-2020-10273?

CVE-2020-10273 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10273?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.