Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
Vulnerability Description
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000.
CVSS Information
N/A
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Mobile Industrial Robots MiR100信任管理问题漏洞
Vulnerability Description
Easyrobotics ER200是丹麦Easyrobotics公司的一款能够集成UR和MiR机器人的工作站。Mobile Industrial Robots MiR100是MiR的一个应用软件。一款安全、经济高效的移动机器人,可快速实现内部运输和物流的自动化。 Mobile Industrial Robots MiR100存在信任管理问题漏洞。攻击者可利用该漏洞控制机器人并使用默认的用户界面。以下产品及版本受到影响:使用2.8.1.1及之前版本固件的Alias Robotics MiR100;使用2.
CVSS Information
N/A
Vulnerability Type
N/A