MSA-13: Path Traversal Vulnerability Summary MiR robot software versions prior to version 3.0.0 are affected by a path traversal vulnerability. Authenticated users could abuse a vulnerable API endpoint to extract files from the robot file system. CVSS Scores CVSS 3.1 Base Score: 6.5 (Medium) CVSS 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products Attribution This vulnerability was discovered and reported by Lockheed Martin Red Team. References 1. NIST NVD entry: 2. MiR Cybersecurity Guide: Link Recommended Actions 1. Upgrade to software version 3.0.0 or newer Compensating Controls If you cannot immediately upgrade to the recommended version, we recommend the following compensating measures: 1. Operate the MiR system in a segmented and secured network with strict firewall rules 2. Secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide