CVE-2020-10278

MEDIUM

MiR and Enabled Robotics Firmware < 2.8.1.1 - Unauthenticated BIOS Access Control Bypass

Title source: llm

Description

The BIOS on MiR's onboard computer is not password-protected, which allows a bad operator to modify settings such as the boot order. A malicious operator can leverage this to boot from a live image.

References (1)

Core References
Third Party Advisory x_refsource_confirm
https://github.com/aliasrobotics/RVD/issues/2561

Scores

CVSS v3 4.6
EPSS 0.0097
EPSS Percentile 57.3%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284, CWE-287
Status published
Products (10)
aliasrobotics/mir1000_firmware < 2.8.1.1
aliasrobotics/mir100_firmware < 2.8.1.1
aliasrobotics/mir200_firmware < 2.8.1.1
aliasrobotics/mir250_firmware < 2.8.1.1
aliasrobotics/mir500_firmware < 2.8.1.1
enabled-robotics/er-flex_firmware < 2.8.1.1
enabled-robotics/er-lite_firmware < 2.8.1.1
enabled-robotics/er-one_firmware < 2.8.1.1
mobile-industrial-robotics/er200_firmware < 2.8.1.1
uvd-robots/uvd_robots_firmware < 2.8.1.1
Published Jun 24, 2020
Tracked Since Feb 18, 2026