admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Assign CVE-2020-10266

Browse Source
This commit is contained in:
Víctor Mayoral Vilches 2020-04-04 18:53:48 +02:00
parent 1571e09a80
commit 16cf411bda
1 changed files with 98 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2020/10xxx/CVE-2020-10266.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-04-04T16:53:42 +00:00",
"ID": "CVE-2020-10266",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "URx",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Universal Robots"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Víctor Mayoral Vilches <victor@aliasrobotics.com>, Mike Karamousadakis, Lander Usategui San Juan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "high",
"confidentialityImpact": "LOW",
"integrityImpact": "REQUIRED",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353 (Missing Support for Integrity Check)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.universal-robots.com/plus/",
"refsource": "CONFIRM",
"url": "https://www.universal-robots.com/plus/"
}
}
],
"reference_data": [
{
"name": "https://www.universal-robots.com/plus/developer/",
"refsource": "CONFIRM",
"url": "https://www.universal-robots.com/plus/developer/"
}
],
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/1487",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/1487"
}
]
},
"source": {
"defect": [
"RVD#1487"
],
"discovery": "EXTERNAL"
}
}