CVE-2020-10278 — MEDIUM (4.6)

Q: How severe is CVE-2020-10278?

CVE-2020-10278 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-10278?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.

Vulnerability Description

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Aliasrobotics	Mir100 Firmware	<= 2.8.1.1
Aliasrobotics	Mir100	-
Aliasrobotics	Mir200 Firmware	<= 2.8.1.1
Aliasrobotics	Mir200	-
Aliasrobotics	Mir250 Firmware	<= 2.8.1.1
Aliasrobotics	Mir250	-
Aliasrobotics	Mir500 Firmware	<= 2.8.1.1
Aliasrobotics	Mir500	-
Aliasrobotics	Mir1000 Firmware	<= 2.8.1.1
Aliasrobotics	Mir1000	-
Mobile-Industrial-Robotics	Er200 Firmware	<= 2.8.1.1
Mobile-Industrial-Robotics	Er200	-
Enabled-Robotics	Er-Lite Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Lite	-
Enabled-Robotics	Er-Flex Firmware	<= 2.8.1.1
Enabled-Robotics	Er-Flex	-
Enabled-Robotics	Er-One Firmware	<= 2.8.1.1
Enabled-Robotics	Er-One	-
Uvd-Robots	Uvd Robots Firmware	<= 2.8.1.1
Uvd-Robots	Uvd Robots	-

Related Weaknesses (CWE)

CWE-287 CWE-284

References

https://github.com/aliasrobotics/RVD/issues/2561Third Party Advisory
https://github.com/aliasrobotics/RVD/issues/2561Third Party Advisory

FAQ

What is CVE-2020-10278?

CVE-2020-10278 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Li...

How severe is CVE-2020-10278?

CVE-2020-10278 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10278?

Check the references section above for vendor advisories and patch information. Affected products include: Aliasrobotics Mir100 Firmware, Aliasrobotics Mir100, Aliasrobotics Mir200 Firmware, Aliasrobotics Mir200, Aliasrobotics Mir250 Firmware.