Mobile-industrial-robots Mir500
Approved changes feed: RSS · Atom
cpe:2.3:h:mobile-industrial-robots:mir500:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Mobile Industrial Robots (96dc0f0b-2c6d-5eb4-a6cc-866624eb717b) |
|---|---|
| Product | Mir500 (f0e8a76e-ab44-5b76-8516-e9fa0d13013c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-10280 |
not_vulnerable | 2026-06-08 05:16:35.091228 |
RVD#2568: Apache server is vulnerable to a DoS
HIGH (8.2)
The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard.
Published: 2020-06-24T05:45:13.897Z
Updated: 2024-09-17T04:09:28.615Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10277 |
not_vulnerable | 2026-06-08 05:16:35.088627 |
RVD#2562: Booting from a live image leads to exfiltration of sensible information and privilege escalation
MEDIUM (6.4)
There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually adding a new user with sudo privileges on the machine.
Published: 2020-06-24T04:55:17.409Z
Updated: 2024-09-17T02:27:32.380Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10276 |
not_vulnerable | 2026-06-08 05:16:35.087762 |
RVD#2558: Default credentials on SICK PLC allows disabling safety features
CRITICAL (9.8)
The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device.
Published: 2020-06-24T04:50:14.520Z
Updated: 2024-09-16T17:08:36.557Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10275 |
not_vulnerable | 2026-06-08 05:16:35.086758 |
RVD#2565: Weak token generation for the REST API.
CRITICAL (9.8)
The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data.
Published: 2020-06-24T05:00:26.620Z
Updated: 2024-09-16T20:31:47.182Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10274 |
not_vulnerable | 2026-06-08 05:16:35.078786 |
RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)
HIGH (7.1)
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database.
Published: 2020-06-24T04:40:12.678Z
Updated: 2024-09-17T00:05:33.397Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.