CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10274

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.0%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 5.5

References

Products affected by CVE-2020-10274

Easyrobotics » Er-Flex » Version: N/A

cpe:2.3:h:easyrobotics:er-flex:-
Easyrobotics » Er-Lite » Version: N/A

cpe:2.3:h:easyrobotics:er-lite:-
Easyrobotics » Er-One » Version: N/A

cpe:2.3:h:easyrobotics:er-one:-
Easyrobotics » Er200 » Version: N/A

cpe:2.3:h:easyrobotics:er200:-
Mobile-Industrial-Robots » Mir1000 » Version: N/A

cpe:2.3:h:mobile-industrial-robots:mir1000:-
Mobile-Industrial-Robots » Mir100 » Version: N/A

cpe:2.3:h:mobile-industrial-robots:mir100:-
Mobile-Industrial-Robots » Mir200 » Version: N/A

cpe:2.3:h:mobile-industrial-robots:mir200:-
Mobile-Industrial-Robots » Mir250 » Version: N/A

cpe:2.3:h:mobile-industrial-robots:mir250:-
Mobile-Industrial-Robots » Mir500 » Version: N/A

cpe:2.3:h:mobile-industrial-robots:mir500:-
Uvd-Robots » Uvd » Version: N/A

cpe:2.3:h:uvd-robots:uvd:-
Easyrobotics » Er-Flex Firmware » Version: N/A

cpe:2.3:o:easyrobotics:er-flex_firmware:-
Easyrobotics » Er-Lite Firmware » Version: N/A

cpe:2.3:o:easyrobotics:er-lite_firmware:-
Easyrobotics » Er-One Firmware » Version: N/A

cpe:2.3:o:easyrobotics:er-one_firmware:-
Easyrobotics » Er200 Firmware » Version: N/A

cpe:2.3:o:easyrobotics:er200_firmware:-
Mobile-Industrial-Robots » Mir1000 Firmware » Version: N/A

cpe:2.3:o:mobile-industrial-robots:mir1000_firmware:-
Mobile-Industrial-Robots » Mir100 Firmware » Version: Any

cpe:2.3:o:mobile-industrial-robots:mir100_firmware:*
Mobile-Industrial-Robots » Mir200 Firmware » Version: N/A

cpe:2.3:o:mobile-industrial-robots:mir200_firmware:-
Mobile-Industrial-Robots » Mir250 Firmware » Version: N/A

cpe:2.3:o:mobile-industrial-robots:mir250_firmware:-
Mobile-Industrial-Robots » Mir500 Firmware » Version: N/A

cpe:2.3:o:mobile-industrial-robots:mir500_firmware:-
Uvd-Robots » Uvd Firmware » Version: N/A

cpe:2.3:o:uvd-robots:uvd_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10274

Products

Pricing

Contact Us