Search

Find a vulnerability

Search criteria

    7 vulnerabilities by aliasrobotics

    CVE-2026-25130 (GCVE-0-2026-25130)

    Vulnerability from nvd – Published: 2026-01-30 20:15 – Updated: 2026-02-02 18:01
    VLAI
    Title
    Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool
    Summary
    Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    aliasrobotics cai Affected: <= 0.5.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25130",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T18:00:55.987075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T18:01:06.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cai",
              "vendor": "aliasrobotics",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 0.5.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a \"safe\" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.7,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-30T20:15:51.772Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60"
            }
          ],
          "source": {
            "advisory": "GHSA-jfpc-wj3m-qw2m",
            "discovery": "UNKNOWN"
          },
          "title": "Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25130",
        "datePublished": "2026-01-30T20:15:51.772Z",
        "dateReserved": "2026-01-29T14:03:42.540Z",
        "dateUpdated": "2026-02-02T18:01:06.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67511 (GCVE-0-2025-67511)

    Vulnerability from nvd – Published: 2025-12-10 23:18 – Updated: 2025-12-11 17:22
    VLAI
    Title
    Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
    Summary
    Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    aliasrobotics cai Affected: <= 0.5.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67511",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T15:36:12.192113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T15:36:25.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cai",
              "vendor": "aliasrobotics",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 0.5.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is  available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.7,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T17:22:08.701Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c"
            },
            {
              "name": "https://www.hacktivesecurity.com/blog/2025/12/10/cve-2025-67511-tricking-a-security-ai-agent-into-pwning-itself",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.hacktivesecurity.com/blog/2025/12/10/cve-2025-67511-tricking-a-security-ai-agent-into-pwning-itself"
            }
          ],
          "source": {
            "advisory": "GHSA-4c65-9gqf-4w8h",
            "discovery": "UNKNOWN"
          },
          "title": "Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-67511",
        "datePublished": "2025-12-10T23:18:56.545Z",
        "dateReserved": "2025-12-08T21:46:24.993Z",
        "dateUpdated": "2025-12-11T17:22:08.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25130 (GCVE-0-2026-25130)

    Vulnerability from cvelistv5 – Published: 2026-01-30 20:15 – Updated: 2026-02-02 18:01
    VLAI
    Title
    Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool
    Summary
    Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a "safe" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    aliasrobotics cai Affected: <= 0.5.10
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25130",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T18:00:55.987075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T18:01:06.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cai",
              "vendor": "aliasrobotics",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 0.5.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a \"safe\" pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.7,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-30T20:15:51.772Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-jfpc-wj3m-qw2m"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/commit/e22a1220f764e2d7cf9da6d6144926f53ca01cde"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/blob/559de8fcbc2b44f3b0360f35ffdc2bb975e7d7e4/src/cai/tools/reconnaissance/filesystem.py#L60"
            }
          ],
          "source": {
            "advisory": "GHSA-jfpc-wj3m-qw2m",
            "discovery": "UNKNOWN"
          },
          "title": "Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25130",
        "datePublished": "2026-01-30T20:15:51.772Z",
        "dateReserved": "2026-01-29T14:03:42.540Z",
        "dateUpdated": "2026-02-02T18:01:06.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67511 (GCVE-0-2025-67511)

    Vulnerability from cvelistv5 – Published: 2025-12-10 23:18 – Updated: 2025-12-11 17:22
    VLAI
    Title
    Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
    Summary
    Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    aliasrobotics cai Affected: <= 0.5.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67511",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T15:36:12.192113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-11T15:36:25.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cai",
              "vendor": "aliasrobotics",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 0.5.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is  available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.7,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-11T17:22:08.701Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h"
            },
            {
              "name": "https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c"
            },
            {
              "name": "https://www.hacktivesecurity.com/blog/2025/12/10/cve-2025-67511-tricking-a-security-ai-agent-into-pwning-itself",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.hacktivesecurity.com/blog/2025/12/10/cve-2025-67511-tricking-a-security-ai-agent-into-pwning-itself"
            }
          ],
          "source": {
            "advisory": "GHSA-4c65-9gqf-4w8h",
            "discovery": "UNKNOWN"
          },
          "title": "Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-67511",
        "datePublished": "2025-12-10T23:18:56.545Z",
        "dateReserved": "2025-12-08T21:46:24.993Z",
        "dateUpdated": "2025-12-11T17:22:08.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202006-0266

    Vulnerability from variot - Updated: 2025-01-30 22:22

    Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. plural MiR The product contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0266",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mir250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-lite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mobile industrial robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "uvd robots",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "uvd robots",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-lite",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-one",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er200",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "mir100",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir200",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir250",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir500",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "uvd",
            "scope": null,
            "trust": 0.8,
            "vendor": "uvd robots",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-flex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-one_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir500_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:uvd-robots:uvd_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          }
        ]
      },
      "cve": "CVE-2020-10270",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-10270",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007377",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10270",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@aliasrobotics.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10270",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007377",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10270",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@aliasrobotics.com",
                "id": "CVE-2020-10270",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007377",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1665",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it\u0027s possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. plural MiR The product contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10270",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "id": "VAR-202006-0266",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "industrial device"
            ],
            "sub_category": "robot",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T22:22:35.714000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.easyrobotics.biz/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mobile-industrial-robots.com/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.uvd-robots.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/aliasrobotics/rvd/issues/2557"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10270"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10270"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "date": "2020-06-24T05:15:12.753000",
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          },
          {
            "date": "2024-11-21T04:55:06.397000",
            "db": "NVD",
            "id": "CVE-2020-10270"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  MiR Vulnerabilities in the use of hard-coded credentials in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007377"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1665"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0268

    Vulnerability from variot - Updated: 2025-01-30 21:44

    MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. plural MiR The product contains vulnerabilities related to lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0268",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mir250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-lite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mobile industrial robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "uvd robots",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "uvd robots",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-lite",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-one",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er200",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "mir100",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir200",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir250",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir500",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "uvd",
            "scope": null,
            "trust": 0.8,
            "vendor": "uvd robots",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-flex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-one_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir500_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:uvd-robots:uvd_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Victor Mayoral Vilches of Alias Robotics reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-10272",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-10272",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007374",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10272",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@aliasrobotics.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10272",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007374",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10272",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@aliasrobotics.com",
                "id": "CVE-2020-10272",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007374",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1663",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. plural MiR The product contains vulnerabilities related to lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10272",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3344",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101107",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-280-02",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "id": "VAR-202006-0268",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "industrial device"
            ],
            "sub_category": "robot",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:44:48.070000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.easyrobotics.biz/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mobile-industrial-robots.com/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.uvd-robots.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/aliasrobotics/rvd/issues/2554"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10272"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10272"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101107"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3344"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "date": "2020-06-24T05:15:12.943000",
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          },
          {
            "date": "2024-11-21T04:55:06.683000",
            "db": "NVD",
            "id": "CVE-2020-10272"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  MiR Vulnerability regarding lack of authentication for critical features in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007374"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1663"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0259

    Vulnerability from variot - Updated: 2025-01-30 21:13

    MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. MiR robot The controller contains a vulnerability regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0259",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mir250",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-lite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "mir1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aliasrobotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er-one",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "enabled robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "er200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mobile industrial robotics",
            "version": "2.8.1.1"
          },
          {
            "model": "uvd robots",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "uvd robots",
            "version": "2.8.1.1"
          },
          {
            "model": "er-flex",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-lite",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er-one",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "er200",
            "scope": null,
            "trust": 0.8,
            "vendor": "easyrobotics",
            "version": null
          },
          {
            "model": "mir100",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir200",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir250",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "mir500",
            "scope": null,
            "trust": 0.8,
            "vendor": "mobile industrial robots a s",
            "version": null
          },
          {
            "model": "uvd",
            "scope": null,
            "trust": 0.8,
            "vendor": "uvd robots",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-flex_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-lite_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er-one_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:easyrobotics:er200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:mobile-industrial-robots:mir500_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:uvd-robots:uvd_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Victor Mayoral Vilches of Alias Robotics reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-10279",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-10279",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007373",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10279",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@aliasrobotics.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-10279",
                "impactScore": 6.0,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-007373",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-10279",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@aliasrobotics.com",
                "id": "CVE-2020-10279",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-007373",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1675",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks. MiR robot The controller contains a vulnerability regarding improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-10279",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101107",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3344",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-280-02",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "id": "VAR-202006-0259",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ],
        "trust": 0.01
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "industrial device"
            ],
            "sub_category": "robot",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T21:13:43.732000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.easyrobotics.biz/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mobile-industrial-robots.com/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.uvd-robots.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-276",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-362",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-1188",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/aliasrobotics/rvd/issues/2569"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10279"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10279"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101107"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3344"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "date": "2020-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "date": "2020-06-24T06:15:11.543000",
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          },
          {
            "date": "2022-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          },
          {
            "date": "2024-11-21T04:55:07.650000",
            "db": "NVD",
            "id": "CVE-2020-10279"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MiR robot Vulnerability in improper default permissions on controller",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-007373"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1675"
          }
        ],
        "trust": 0.6
      }
    }