Platform
other
Component
rvd
Fixed in
2.8.2
CVE-2020-10272 is a critical vulnerability affecting Mobile Industrial Robots (MiR) models such as the MiR100 and MiR200, which are built on the Robot Operating System (ROS). The robots ship with the default ROS packages, which expose the ROS computational graph (the master, its registered nodes, topics and services) without any authentication, so anyone with network access to the robot can take control of it. Affected are MiR robot software versions up to and including 2.8.1.1 (the version number refers to MiR's software release, not to a ROS release); the fix is available in version 2.8.2.
The primary impact of CVE-2020-10272 is unauthorized control of the robot. ROS 1 has no authentication on the master API or on the node-to-node transport, so an attacker who can reach the robot's internal wireless or wired network can enumerate the graph, publish to its command topics and call its services, disrupting operations, causing physical damage, or steering the robot for the attacker's own ends. This is particularly concerning in industrial and logistics environments, where the robots often operate autonomously around people and equipment. Because no credentials are involved, any device on the same network segment is a potential source of exploitation. Combined with CVE-2020-10269 and CVE-2020-10271, the attack surface expands significantly, allowing more complex attacks.
CVE-2020-10272 is considered high risk because of its critical CVSS score and the potential for significant operational disruption. No public exploits have been widely reported, but the low bar to exploitation (network access only, no credentials) is a concern. The vulnerability belongs to a cluster of related issues (CVE-2020-10269 and CVE-2020-10271) that raises the overall risk. It has not been added to the CISA KEV catalog as of this writing.
Organizations using MiR robots in manufacturing, logistics or warehousing environments are at risk, in particular facilities with shared internal networks, legacy robot deployments without network segmentation, and deployments that rely on the default ROS configuration without further hardening. Environments where the robot's network also carries sensitive data or reaches critical infrastructure are particularly exposed.
• linux / server: Confirm whether the ROS 1 master is listening on its default port and which process owns it. Use ss (or lsof) to list listening sockets; a master bound to all interfaces rather than to localhost is reachable from the whole robot network.
ss -tulnp | grep :11311 # ROS 1 master (roscore) default port
• linux / server: The exposed master performs no authentication, so system logs will not record authentication failures for it. Instead, enumerate the nodes registered with the master and compare them with the robot's own software; an unexpected node, or a node whose URI points at a host that is not the robot, indicates a foreign participant in the graph. The rosnode tools can be run from any host with ROS installed by pointing ROS_MASTER_URI at the robot.
ROS_MASTER_URI=http://<robot_ip>:11311 rosnode list
ROS_MASTER_URI=http://<robot_ip>:11311 rosnode info /<node_name>
• generic web: Check from a host that is not the robot whether the master's XML-RPC API answers without credentials. The master speaks XML-RPC over HTTP POST (a plain GET is not a valid call); a successful getSystemState call returns the complete list of publishers, subscribers and services.
curl -s -X POST http://<robot_ip>:11311/ -H 'Content-Type: text/xml' --data '<?xml version="1.0"?><methodCall><methodName>getSystemState</methodName><params><param><value><string>/audit</string></value></param></params></methodCall>'
disclosure
patch
Exploit status
EPSS
0.47% (65th percentile)
CVSS vector
The primary mitigation for CVE-2020-10272 is to upgrade affected MiR robots to version 2.8.2 or later, which addresses the unauthenticated exposure of the computational graph. If an immediate upgrade is not possible, segment the robot's network so that only authorized devices can reach the robot, and in particular the ROS master port. A network intrusion detection system (IDS) and monitoring of traffic to the robot can help detect exploitation attempts. Review and tighten network access policies so that only trusted devices are admitted to the robot's network. After upgrading, verify the fix from a device on the robot network that is not authorized: an unauthenticated getSystemState call to the master port should be refused, filtered or rejected rather than answered with the graph.
Update the MiR robot software to a version that protects the ROS computational graph from unauthenticated access. Consult the vendor's (Mobile Industrial Robots A/S) documentation for the latest security updates and installation instructions.
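The detection checks above and the post-upgrade verification both come down to one question: does the ROS 1 master hand over the computational graph to a caller that presents no credentials? The script below is an added example, not code from MiR, ROS or this page's author, that asks that question over the master's real XML-RPC API (getSystemState on port 11311). The stand-in master it starts for offline use, its topic and node names, and the `/audit` caller id are constructed for the demonstration and do not describe MiR's actual graph.

```python
#!/usr/bin/env python3
"""Probe a ROS 1 master over its XML-RPC API to see whether the computational
graph (publishers, subscribers, services, nodes) is readable without any
credentials, which is the condition behind CVE-2020-10272.

Added example; not MiR or ROS project code. Only the master API call
(getSystemState on port 11311) is real ROS 1 behaviour; the stand-in master
and its sample graph below are constructed so the script runs offline.
"""
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

ROS_MASTER_PORT = 11311  # default port of the ROS 1 master (roscore)


class _TimeoutTransport(xmlrpc.client.Transport):
    """Transport with a socket timeout so a filtered port does not hang the probe."""

    def __init__(self, timeout):
        super().__init__()
        self._timeout = timeout

    def make_connection(self, host):
        conn = super().make_connection(host)
        conn.timeout = self._timeout  # honoured by http.client when it connects
        return conn


def summarize_state(system_state):
    """Reduce a getSystemState payload ([publishers, subscribers, services]) to sorted name lists."""
    publishers, subscribers, services = system_state
    topics, service_names, nodes = set(), set(), set()
    for name, node_list in publishers + subscribers:
        topics.add(name)
        nodes.update(node_list)
    for name, node_list in services:
        service_names.add(name)
        nodes.update(node_list)
    return {"topics": sorted(topics), "services": sorted(service_names), "nodes": sorted(nodes)}


def probe_master(host, port=ROS_MASTER_PORT, timeout=3.0, caller_id="/audit"):
    """Call getSystemState with no credentials and classify the outcome.

    'exposed'     the master answered and handed over the whole graph (vulnerable)
    'unreachable' no TCP connection: segmented, firewalled or not running
    'denied'      an HTTP error such as 401/403 from something enforcing access control
    'refused'     the master answered but did not return the graph
    'error'       the endpoint answered with something that is not a ROS master reply
    """
    proxy = xmlrpc.client.ServerProxy(f"http://{host}:{port}/", transport=_TimeoutTransport(timeout))
    try:
        code, message, system_state = proxy.getSystemState(caller_id)
    except xmlrpc.client.ProtocolError as exc:
        return {"status": "denied", "detail": f"HTTP {exc.errcode}"}
    except xmlrpc.client.Fault as exc:
        return {"status": "refused", "detail": exc.faultString}
    except OSError as exc:  # ConnectionRefusedError and socket timeouts are both OSError
        return {"status": "unreachable", "detail": str(exc)}
    except Exception as exc:  # malformed or non-XML-RPC response
        return {"status": "error", "detail": repr(exc)}
    if code != 1:  # ROS master status code 1 means success
        return {"status": "refused", "detail": message}
    return {"status": "exposed", "summary": summarize_state(system_state)}


def start_stand_in_master(port=0):
    """Start a local stand-in for an unauthenticated ROS 1 master (constructed; not MiR's master).

    It answers getSystemState for any caller, as a stock ROS 1 master does.
    Returns (server, bound_port); port 0 picks a free port.
    """
    sample_graph = [  # constructed sample: [publishers, subscribers, services]
        [["/cmd_vel", ["/planner"]], ["/scan", ["/laser_driver"]]],
        [["/cmd_vel", ["/base_controller"]], ["/scan", ["/planner"]]],
        [["/base_controller/set_parameters", ["/base_controller"]]],
    ]
    server = SimpleXMLRPCServer(("127.0.0.1", port), logRequests=False)
    server.register_function(lambda caller_id: [1, "current system state", sample_graph], "getSystemState")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # probe a real host: python3 probe_ros_master.py <robot_ip>
        print(probe_master(sys.argv[1]))
    else:  # offline demonstration against the stand-in master
        server, port = start_stand_in_master()
        try:
            print(probe_master("127.0.0.1", port))
        finally:
            server.shutdown()
            server.server_close()
```

Run it with the robot's address as the only argument from a device that should not have access. Before the upgrade or segmentation it reports `exposed` together with every topic, service and node the attacker would see; afterwards the expected result is `unreachable` (filtered or refused) or `denied`. An `exposed` result on a host that is supposed to be outside the trusted segment means the mitigation is not in place.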
CVE-2020-10272 is a critical vulnerability affecting MiR robots using ROS, allowing unauthorized control due to exposed computational graphs without authentication.
You are affected if you run MiR robots on MiR software version 2.8.1.1 or earlier and have not upgraded.
Upgrade your MiR robots to version 2.8.2 or later to mitigate the vulnerability. Network segmentation is a temporary workaround.
While no public exploitation has been confirmed, the vulnerability requires nothing beyond network access to exploit, so exploitation should be assumed feasible for anyone who reaches the robot's network.
Refer to the MiR security advisory for detailed information and mitigation steps: [https://www.mir-robotics.com/security-advisory-ros-vulnerabilities/](https://www.mir-robotics.com/security-advisory-ros-vulnerabilities/)