CVE-2020-10272
📋 TL;DR
This vulnerability allows attackers on the same network as MiR robots to take full control without authentication by exploiting exposed ROS computational graphs. It affects MiR100, MiR200, and other MiR robot models using default ROS configurations. Organizations using these robots in industrial, healthcare, or research environments are at risk.
💻 Affected Systems
- MiR100
- MiR200
- other MiR robot models
📦 What is this software?
- Er Flex Firmware by Enabled Robotics
- Er Lite Firmware by Enabled Robotics
- Er One Firmware by Enabled Robotics
- Er200 Firmware by Mobile Industrial Robotics
- Mir100 Firmware by Aliasrobotics
- Mir1000 Firmware by Aliasrobotics
- Mir200 Firmware by Aliasrobotics
- Mir250 Firmware by Aliasrobotics
- Mir500 Firmware by Aliasrobotics
⚠️ Risk & Real-World Impact
Worst Case
Complete takeover of robot operations leading to physical damage, safety hazards, theft, or disruption of critical automated processes.
Likely Case
Unauthorized movement, manipulation, or data collection from robots in production environments.
If Mitigated
Limited impact if robots are isolated on segmented networks with strict access controls.
🎯 Exploit Status
Can be combined with CVE-2020-10269 and CVE-2020-10271 for complete control. Exploitation requires network access to the robot.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ROS configurations with authentication enabled
Vendor Advisory: https://github.com/aliasrobotics/RVD/issues/2554
Restart Required: Yes
Instructions:
1. Update ROS configuration to require authentication.
2. Implement ROS security features.
3. Apply network segmentation.
4. Restart ROS nodes after configuration changes.
🔧 Temporary Workarounds
Network Segmentation
Isolate robot networks from general corporate/IT networks (Linux)
iptables -A INPUT -s <trusted_network> -p tcp --dport 11311 -j ACCEPT
iptables -A INPUT -p tcp --dport 11311 -j DROP
ROS Authentication Configuration
Enable ROS authentication mechanisms (Linux)
export ROS_MASTER_URI=http://localhost:11311
rosrun rosauth gen_key
Configure ROS nodes to use authentication
🧯 If You Can't Patch
- Segment robot network completely from other systems using VLANs or physical isolation
- Implement strict firewall rules allowing only necessary traffic to robot controllers
🔍 How to Verify
Check if Vulnerable:
Check whether the ROS master is accessible without authentication: run 'rostopic list' from another machine on the same network.
Check Version:
rosversion -d
Verify Fix Applied:
Attempts to access ROS topics without authentication should fail. Verify that authentication is required for ROS communications.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized ROS topic subscriptions/publications
- Unexpected robot movement commands in logs
- ROS authentication failures
Network Indicators:
- Unusual traffic to ROS default port 11311 from unauthorized IPs
- ROS topic traffic from unexpected sources
SIEM Query:
dest_port=11311 AND (NOT src_ip IN [authorized_ips])
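
The network indicator above (traffic to ROS default port 11311 from unauthorized IPs), as an added example that is not part of the original advisory: it counts TCP connections to the ROS master port per source outside an allowlist. The authorized network, the ROS-MASTER log prefix and the abbreviated iptables LOG lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

ROS_MASTER_PORT = 11311  # default ROS master port named in the advisory
# Assumption: the only network allowed to reach the robot's ROS master.
AUTHORIZED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines, abbreviated iptables LOG format, hypothetical prefix.
SAMPLE_LOG = """\
Mar  3 09:14:01 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=10.20.0.15 DST=10.20.0.2 LEN=60 PROTO=TCP SPT=40112 DPT=11311 SYN
Mar  3 09:14:07 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=192.168.50.77 DST=10.20.0.2 LEN=60 PROTO=TCP SPT=51822 DPT=11311 SYN
Mar  3 09:14:09 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=192.168.50.77 DST=10.20.0.2 LEN=60 PROTO=TCP SPT=51824 DPT=11311 SYN
Mar  3 09:15:30 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=192.168.50.77 DST=10.20.0.2 LEN=60 PROTO=TCP SPT=51900 DPT=22 SYN
Mar  3 09:16:02 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=not-an-ip DST=10.20.0.2 PROTO=TCP SPT=1 DPT=11311
Mar  3 09:16:40 mir kernel: ROS-MASTER IN=eth0 OUT= SRC=172.16.9.4 DST=10.20.0.2 LEN=28 PROTO=UDP SPT=5353 DPT=11311
"""

# Pull only the fields the check needs out of each KEY=VALUE log line.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def unauthorized_master_access(log_text, authorized=AUTHORIZED_NETS, port=ROS_MASTER_PORT):
    """Count TCP connections to the ROS master port per unauthorized source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Keep only TCP traffic whose destination is the ROS master port.
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address: skip the line
        if not any(src in net for net in authorized):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, count in unauthorized_master_access(SAMPLE_LOG).items():
        print(f"ALERT unauthorized ROS master access from {ip}: {count} connection(s)")
```

Only the master port is covered here; ROS nodes also listen on dynamically assigned ports, which this check and the port 11311 firewall rules do not see.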