CVE-2020-10276
CRITICAL
Mobile Industrial Robots MIR100 Firmware < 2.8.1.1 - Use of Hard-coded Credentials
Title source: llm
Description
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens), though the laser scanner configuration can also be affected, further altering the safety of the device.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/aliasrobotics/RVD/issues/2558
Scores
CVSS v3: 9.8
EPSS: 0.0150
EPSS Percentile: 70.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-798
Status: published
Products (10)
easyrobotics/er-flex_firmware
easyrobotics/er-lite_firmware
easyrobotics/er-one_firmware
easyrobotics/er200_firmware
mobile-industrial-robots/mir1000_firmware
mobile-industrial-robots/mir100_firmware < 2.8.1.1
mobile-industrial-robots/mir200_firmware
mobile-industrial-robots/mir250_firmware
mobile-industrial-robots/mir500_firmware
uvd-robots/uvd_firmware
Published: Jun 24, 2020
Tracked Since: Feb 18, 2026