SB2021101107 - Multiple vulnerabilities in Mobile Industrial Robots Vehicles and MiR Fleet Software

Published: October 11, 2021

Security Bulletin ID SB2021101107
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10%, Medium 30%, Low 60%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-7184)

The vulnerability allows a local attacker to execute arbitrary code on the target system with escalated privileges.

The vulnerability exists due to a boundary error in the xfrm_replay_verify_len() function in net/xfrm/xfrm_user.c in the Linux kernel when validating data after an XFRM_MSG_NEWAE update. A local user can trigger a heap-based buffer overflow by leveraging the CAP_NET_ADMIN capability and execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.

This vulnerability was demonstrated during the Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.


2) Integer overflow (CVE-ID: CVE-2017-18255)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to improper validation of the input value from userspace when using the perf_cpu_time_max_percent_handler function, as defined in the kernel/events/core.c source code file. A local attacker can send specially crafted input that contains large values, trigger integer overflow and cause the service to crash.

3) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2020-10271)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because two APIs to the Robot Operating System (ROS) used in MiR robots are accessible from both wired and wireless network interfaces. A remote attacker can take control of the robot, cause a denial of service (DoS) condition and exfiltrate data over the web interface.


4) Missing Authentication for Critical Function (CVE-ID: CVE-2020-10272)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because default Robot Operating System (ROS) packages are used, which expose the computational graph without any authentication. A remote attacker on the local network can take control of the robot.
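Entries 3 and 4 both come down to the same defender question: on which network interfaces is the ROS computational graph reachable? The following audit script is an added example, not MiR's or ROS's own tooling. It parses the output of `ss -tlnp` (a constructed sample is embedded), maps each listening socket to the interfaces it is reachable on, and reports ROS-related listeners that are exposed beyond loopback, distinguishing wired from wireless exposure. Port 11311 is the ROS 1 master's default XML-RPC port; the interface table, process names and other port numbers are assumptions for the demo.

```python
"""Audit which network interfaces a host's ROS listeners are reachable on.

Hypothetical defender-side check (not MiR's or ROS's own tooling). It reads
`ss -tlnpH` output, maps each listening socket to the interfaces it accepts
connections on, and flags ROS-related listeners reachable off-loopback.
"""
import re
from dataclasses import dataclass

# Constructed interface table, as a defender would collect it from `ip -4 addr`.
INTERFACES = {
    "lo": "127.0.0.1",
    "eth0": "192.168.12.20",   # wired
    "wlan0": "10.0.0.5",       # wireless
}
WIRELESS = {"wlan0"}

# 11311 is the ROS 1 master's default port; process names starting with "ros"
# are a heuristic for other nodes (adapt to the names roslaunch starts on the host).
ROS_PORTS = {11311}
ROS_PROCESS_HINT = re.compile(r"^ros", re.IGNORECASE)

# Constructed `ss -tlnpH` output (no header row); pids and ports are made up.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:11311 0.0.0.0:* users:(("rosmaster",pid=1204,fd=5))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=901,fd=4))
LISTEN 0 128 127.0.0.1:45231 0.0.0.0:* users:(("rosout",pid=1210,fd=7))
LISTEN 0 128 192.168.12.20:38799 0.0.0.0:* users:(("ros_nav_node",pid=1315,fd=9))
LISTEN 0 128 10.0.0.5:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
"""


@dataclass
class Listener:
    addr: str
    port: int
    process: str


def parse_ss(text):
    """Parse LISTEN rows of `ss -tlnp` into Listener records."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")
        addr = addr.strip("[]")  # IPv6 addresses are bracketed
        m = re.search(r'\(\("([^"]+)"', line)
        process = m.group(1) if m else "?"
        listeners.append(Listener(addr, int(port), process))
    return listeners


def reachable_interfaces(addr):
    """Interfaces on which a socket bound to `addr` accepts connections."""
    if addr in ("0.0.0.0", "::", "*"):
        return sorted(INTERFACES)
    return [name for name, ip in INTERFACES.items() if ip == addr]


def is_ros(listener):
    return listener.port in ROS_PORTS or bool(ROS_PROCESS_HINT.search(listener.process))


def audit(text):
    """Return ROS listeners reachable from a non-loopback interface."""
    findings = []
    for lst in parse_ss(text):
        if not is_ros(lst):
            continue
        ifaces = [i for i in reachable_interfaces(lst.addr) if i != "lo"]
        if ifaces:
            findings.append({
                "process": lst.process,
                "port": lst.port,
                "interfaces": ifaces,
                "wireless": any(i in WIRELESS for i in ifaces),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        where = "wireless+wired" if f["wireless"] else "wired only"
        print(f'{f["process"]}:{f["port"]} reachable on {f["interfaces"]} ({where})')
```

On a real host replace `SAMPLE_SS` with the output of `ss -tlnpH` and `INTERFACES` with the addresses from `ip -4 addr`. A finding with `wireless: True` is the condition entry 3 describes; any finding at all means the graph is reachable without the authentication entry 4 says ROS lacks by default, so the fix is binding those services to the wired interface or loopback and filtering the rest.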


5) Missing Encryption of Sensitive Data (CVE-ID: CVE-2020-10273)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing encryption of sensitive data. A local attacker can gain unauthorized access to sensitive information on the system.


6) Improper access control (CVE-ID: CVE-2020-10276)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because MiR robots shipped before June 2020 had default passwords set for the SICK safety PLC. A remote attacker on the local network can use the default credentials to manipulate the safety PLC, effectively disabling the emergency stop function.


7) Improper access control (CVE-ID: CVE-2020-10277)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the ability to boot from USB is an insecure default configuration that integrators can change. An attacker with physical access can abuse this functionality to manipulate or exfiltrate data stored on the robot's hard drive.


8) Improper access control (CVE-ID: CVE-2020-10278)

The vulnerability allows an attacker with physical access to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the lack of a BIOS password is an insecure default configuration that integrators can change.


9) Incorrect default permissions (CVE-ID: CVE-2020-10279)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions. A local attacker with access to the Robot Operating System (ROS) can escalate privileges or cause a denial of service.
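The bulletin does not say which permissions are wrong, so the practical check is a filesystem audit of the robot's ROS workspace. The script below is an added example, not MiR's or ROS's own tooling: it builds a constructed workspace in a temporary directory, then walks it and reports world-writable files and directories (excluding sticky directories such as /tmp) and setuid/setgid executables, the two defaults that most directly turn "local access to ROS" into privilege escalation. The paths and modes in the sample tree are assumptions, not MiR's real layout.

```python
"""Flag insecure default permissions in a ROS workspace tree.

Hypothetical defender-side check (not MiR's or ROS's own tooling): walks a
directory tree and reports world-writable files/directories and files with
the setuid/setgid bits. The sample tree is constructed in a temp directory.
"""
import os
import stat
import tempfile

# Constructed layout: (relative path, mode). Two files are deliberately weak.
SAMPLE_FILES = {
    # world-writable: every ROS shell sources this, so anyone can inject commands
    "catkin_ws/devel/setup.bash": 0o666,
    "catkin_ws/src/mir_nav/launch/robot.launch": 0o644,
    # setuid helper: a classic privilege-escalation foothold if it has any bug
    "catkin_ws/src/mir_nav/scripts/calibrate": 0o4755,
    "var/log/ros/rosout.log": 0o644,
}
# World-writable directory without the sticky bit (constructed).
SAMPLE_DIRS = {"var/log/ros": 0o777}


def build_sample_tree(root):
    """Create the constructed tree under `root` with explicit modes."""
    for rel, mode in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    # Normalise directory modes so the host's umask cannot skew the result.
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
    for rel, mode in SAMPLE_DIRS.items():
        os.chmod(os.path.join(root, rel), mode)


def classify(path):
    """Return the list of permission issues for one path (empty if none)."""
    st = os.lstat(path)
    issues = []
    if stat.S_ISLNK(st.st_mode):
        return issues  # symlink modes are meaningless; the target is checked on its own
    if st.st_mode & stat.S_IWOTH:
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if not sticky_dir:
            issues.append("world-writable")
    if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        issues.append("setuid/setgid")
    return issues


def audit_permissions(root):
    """Map each offending path (relative to root) to its issues."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            issues = classify(path)
            if issues:
                findings[os.path.relpath(path, root)] = issues
    return findings


def run_demo():
    """Build the constructed tree, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_permissions(root)


if __name__ == "__main__":
    for path, issues in sorted(run_demo().items()):
        print(f"{path}: {', '.join(issues)}")
```

Point `audit_permissions` at the real workspace (for example the catkin workspace and the ROS log directory) instead of the temporary tree. Expect three findings from the sample: the world-writable setup.bash, the setuid calibrate helper and the world-writable log directory; the remediation for each is to tighten the mode, or to justify and document the exception.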


10) Input validation error (CVE-ID: CVE-2020-10280)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Apache server. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.