aliasrobotics / rvd Goto Github PK
View Code? Open in Web Editor NEWRobot Vulnerability Database. An archive of robot vulnerabilities and bugs.
Home Page: https://aliasrobotics.com
License: GNU General Public License v3.0
rvd's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
arthursun1 lengyun123456 pombredanne tanrye vmayoral 5l1v3r1 landeru luuthehienhbit gopinathv95 rajivraj cvepoc vweisis shahriyarsheikh adrianamusic ferasalnaem optionalg zveriu xiaoruiguo araujorayza athul04 superstar-dev classicvalues issaaljanabi krishan0507 joseluisinigo liv3bean dstl-lwilson dtbinhrvd's Issues
rewrw
| Input | Value |
|---|---|
| Robot | UR5 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Information Disclosure (CWE-200) |
| RVSS Score | 6.5 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:L/UI:R/Y:T/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | rerwe |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | rtrtwr |
Description:
rewrewrwe
RVD#42: Poor software protection
{
"id": 42,
"title": "RVD#42: Poor software protection",
"type": "vulnerability",
"description": "On previous firmware versions of ABB's Service BoxOn top of easily accessible firmware images, researchers found that custom binaries (e.g., the embedded web server) built by some vendors include all debug information (i.e., unstripped). Generally, all but one vendor\u2019s firmware images were easy to open with Binwalk\u2019s default settings. Credits to Federico Maggi, Trend Micro Forward-Looking Threat Research, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, and Stefano Zanero, Politecnico di Milano",
"cwe": "CWE-Information Exposure Through Debug Information (CWE-215)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot component: ABB's Service Box",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "ABB's Service Box",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/42"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/42",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demo
| Input | Value |
|---|---|
| Robot | UR3 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Cross-Site Request Forgery (CSRF) (CWE-352) |
| RVSS Score | 7.3 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:N/UI:R/Y:Z/S:U/C:H/I:H/A:H/H:U |
| GitHub Account | Hsha |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | Hshaha |
Description:
hscagahscagahscagahscagahscagahscagahscagahscaga
Demo
| Input | Value |
|---|---|
| Robot | Pepper |
| Vendor | Softbank Robotics |
| CVE ID | N/A |
| CWE ID | Cross-site Scripting (XSS) - Generic (CWE-79) |
| RVSS Score | 0.0 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:L/PR:N/UI:R/Y:Z/S:U/C:N/I:N/A:N/H:U |
| GitHub Account | LanderU |
| Date Reported | 2018-07-07 |
| Date Updated | N/A |
| Exploitation vector | Test test |
Description:
testtesttesr
RVD#2: VGo Robot vulnerability
{
"id": 2,
"title": "RVD#2: VGo Robot vulnerability",
"type": "vulnerability",
"description": " An attacker may be able to capture firmware updates through the adjacent network.On versions prior to VGo Robot 3.0.3.52164 are vulnerable: 3.0.3, 3.0.2, 2.1.0, 2.0.0, 1.5.5, 1.5.0, 1.4.2\r\n Credits to: Daniel Regalado from Zingbox reported this vulnerability to NCCIC.",
"cwe": "CWE-Cleartext Transmission of Sensitive Information (CWE-319)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Vgo",
"severity: medium",
"state: new",
"vendor: Vecna",
"vulnerability"
],
"system": "VGo Robot",
"vendor": "Vecna",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:O/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/2"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2018-04-25 12:28:51",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2018-04-25 12:28:51",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/2",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demonstration
| Input | Value |
|---|---|
| Robot | Demonstration |
| Vendor | Demonstration |
| CVE ID | |
| CWE ID | |
| RVSS Score | |
| RVSS Vector | <e.g:RVSS:1.0/AV:/AC:/PR:/UI:/Y:/S:/C:/I:/A:/H:> |
| GitHub Account | aliasbot |
| Date Reported | 2018-08-09 |
| Date Updated | |
| Exploitation vector | <e.g.: Local network> |
Component
- Pick one:
- Software:
- Hardware: yes
- Robot:
RVSS (paper):
-
Pick ATTACK VECTOR
- Physical Isolated:
- Physical Restricted:
- Physical Public:
- Local:
- Internal Network:
- Adjacent Network: yes
- Remote Network:
-
Pick ATTACK COMPLEXITY
- High: yes/no
- Low:
-
PRIVILEGES REQUIRED
- High: yes
- Low:
- None:
-
USER INTERACTION
- Required: yes
- None:
-
AGE
- Unknown:
- Zero Day: yes
- 1 or less:
- Less than 3:
- More than 3:
-
SCOPE
- Unchanged: yes
- Changed:
-
CONFIDENTIALITY
- None: yes
- Low:
- High:
-
INTEGRITY
- None:
- Low:
- High: yes
-
AVAILABILITY
- None:
- Low: yes
- High:
-
SAFETY
- Unknown:
- None: yes
- Environmental:
- Human:
Description:
Demonstration
RVD#10: Relative Path Traversal vulnerability in SREA-01 and SREA-50
{
"id": 10,
"title": "RVD#10: Relative Path Traversal vulnerability in SREA-01 and SREA-50",
"type": "vulnerability",
"description": " Relative Path Traversal vulnerability in SREA-01 and SREA-50 legacy remote monitoring tools and Ethernet adapters in ABB could access files on the affected products' file systems, view data, change configuration, retrieve password hash codes, and potentially insert and send commands to connected devices without authorization via HTTP request which refers to files using ../../ relative paths",
"cwe": "CWE-22",
"cve": "CVE-2017-9664",
"keywords": [
"components hardware",
"severity: critical",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "SREA-01 rev.A/B/C up to 3.31.5 SREA-50 rev.A up to 3.32.8",
"vendor": "`ABB Asea Brown Boveri Ltd`",
"severity": {
"rvss-score": "10.0",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:M/S:U/C:L/I:H/A:H/H:N",
"severity-description": "Critical",
"cvss-score": 9.4,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/"
},
"links": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-9664"
],
"flaw": {
"phase": "testing",
"specificity": "Runtime-operation",
"architectural-location": "Platform Code",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-06-14",
"detected-by": "Bertin Jose, Ezequiel Fernandez",
"detected-by-method": "testing_dynamic",
"date-reported": "2018-08-07",
"reported-by": "Alias Robotics",
"reported-by-relationship": "Security Researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/10",
"reproducibility": "Always",
"trace": "N/A",
"reproduction": "N/A",
"reproduction-image": "N/A"
},
"exploitation": {
"description": "N/A",
"exploitation-image": "N/A",
"exploitation-vector": "N/A"
},
"mitigation": {
"description": "Products are based on a legacy software platform which is no longer actively maintained. The problem is corrected by installing a patch that is available at the following location",
"pull-request": "http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A1782&LanguageCode=en&DocumentPartId=&Action=Launch",
"date-mitigation": null,
}
}Demo
| Input | Value |
|---|---|
| Robot | UR5 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Array Index Underflow (CWE-129) |
| RVSS Score | 6.8 |
| RVSS Vector | RVSS:1.0/AV:AN/AC:H/PR:H/UI:N/Y:U/S:C/C:H/I:H/A:N/H:E |
| GitHub Account | dmayoral |
| Date Reported | 2018-08-21 |
| Date Updated | N/A |
| Exploitation vector | Network |
Description:
asda
RVD#11: Improper authorization mechanism in Rethink Robotics's Baxter SDK/RSDK
{
"id": 11,
"title": "RVD#11: Improper authorization mechanism in Rethink Robotics's Baxter SDK/RSDK ",
"type": "vulnerability",
"description": " Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor could allow man-in-the-middle attackers to eavesdrop sensitive or security critical communications or affect integrity of sent data.On versions: Baxter/Sawyer v3.3.2 Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Improper Authorization (CWE-285)",
"cve": "None",
"keywords": [
"robot",
"robot: Baxter",
"robot: Sawyer",
"severity: critical",
"state: new",
"vendor: Rethink Robotics",
"vulnerability"
],
"system": "Baxter, Sawyer SDK/Intera SDK",
"vendor": "Rethink Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:L/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/11"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/11",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#4: ROS vulnerability affecting Raven 2 robot
{
"id": 4,
"title": "RVD#4: ROS vulnerability affecting Raven 2 robot",
"type": "vulnerability",
"description": " Improper message verification in Applied Dexterity's Raven 2 could allow man-in-the-middle attackers to modify and send arbitrary commands by spoofing network traffic. Credits to: Tamara Bonaci, Jeffrey Herron, Tariq Yusuf, Junjie Yan, Tadayoshi Kohno, Howard Jay Chizeck from the University of Washington.",
"cwe": "CWE-Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CWE-924)",
"cve": "None",
"keywords": [
"components software",
"robot component: ROS",
"severity: critical",
"vulnerability"
],
"system": "ROS",
"vendor": "Applied Dexterity",
"severity": {
"rvss-score": 10.0,
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:Z/S:U/C:L/I:H/A:H/H:H",
"severity-description": "critical",
"cvss-score": 9.4,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/4"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2015-05-13",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2015-05-13",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/4",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": ""
}
}RVD#8: Missing authorization mechanisms in Robotis RoboPlus protocol
{
"id": 8,
"title": "RVD#8: Missing authorization mechanisms in Robotis RoboPlus protocol",
"type": "vulnerability",
"description": "Missing authorization mechanisms in Robotis RoboPlus protocol allow remote attackers to unauthorizedly control the robot via network communication.On version: 2015-03-26 Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Missing Authorization (CWE-862)",
"cve": "None",
"keywords": [
"components software",
"robot component: OP2 Firmware",
"severity: critical",
"state: new",
"vulnerability"
],
"system": "OP2 Firmware",
"vendor": "Robotis",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:H/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/8"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/8",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demonstration
| Input | Value |
|---|---|
| Robot | UR10 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Information Disclosure (CWE-200) |
| RVSS Score | 6.5 |
| RVSS Vector | RVSS:1.0/AV:IN/AC:L/PR:L/UI:R/Y:T/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | Demonstration |
| Date Reported | 2018-08-09 |
| Date Updated | N/A |
| Exploitation vector | Demonstration |
Description:
Demonstration
RVD#38: App-to-Server Missing Encryption
{
"id": 38,
"title": "RVD#38: App-to-Server Missing Encryption",
"type": "vulnerability",
"description": "The Alpha 1S android application does not verify any cryptographic signature when downloading and installing the APK update into the mobile device. Furthermore, due to \"App-to-Server Missing Encryption\" it is possible to perform a man-in-the-middle attack in order to change the APK URL and install a customized malware on the device. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Missing Encryption of Sensitive Data (CWE-311)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: Alpha 1S android application",
"severity: high",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 1S android application",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:R/Y:T/S:C/C:H/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/38"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/38",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#33: Baxter and Sawyer expose their LAN ports on the pedestal
{
"id": 33,
"title": "RVD#33: Baxter and Sawyer expose their LAN ports on the pedestal",
"type": "vulnerability",
"description": "Baxter and Sawyer expose their LAN ports on the pedestal. These ports allow access to robot network services or add Modbus TCP capabilities.\r\nAccess to robot's network services can be achieved through these ports. Connecting an Ethernet cable allows sending commands/messages to robot services that are available through this interface.An attacker, who successfully started a connection to the ROS Master service can disable collision avoidance and detection mechanisms. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Baxter",
"robot: Sawyer",
"severity: high",
"state: new",
"vendor: Rethink Robotics",
"vulnerability"
],
"system": "Baxter & Sawyer",
"vendor": "Rethink Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:PI/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:H/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/33"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/33",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#6: UR3, UR5, UR10 Stack-based buffer overflow
{
"id": 6,
"title": "RVD#6: UR3, UR5, UR10 Stack-based buffer overflow",
"type": "vulnerability",
"description": " An stack-based buffer overflow in Universal Robots Modbus TCP service could allow remote attackers to execute arbitrary code and alter protected settings via specially crafted packets.On version 3.1-3.3.4-310 Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Stack Overflow (CWE-121)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: UR3",
"severity: critical",
"vendor: Universal Robots",
"vulnerability"
],
"system": "UR3, UR5, UR10",
"vendor": "Universal Robots",
"severity": {
"rvss-score": "10.0",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:H/H:H",
"severity-description": "critical",
"cvss-score": 10.0,
"cvss-vector": "CVSS:3.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:H"
},
"links": [
"https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf",
"https://ioactive.com/exploiting-industrial-collaborative-robots/",
"https://github.com/aliasrobotics/RVD/issues/6",
"https://2017.zeronights.org/wp-content/uploads/materials/ZN17_Lucas_Robots.pdf"
],
"flaw": {
"phase": "testing",
"specificity": "subject-specific",
"architectural-location": "application-specific code",
"application": "manipulation",
"subsystem": "actuation:manipulator",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Lucas Apa (IOActive)",
"detected-by-method": "testing violation",
"date-reported": "2017-03-01",
"reported-by": "Lucas Apa (IOActive)",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/6",
"reproducibility": "always",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demo
| Input | Value |
|---|---|
| Robot | UR3 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | CRLF Injection (CWE-93) |
| RVSS Score | 7.2 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:N/UI:R/Y:M/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | xabierpb |
| Date Reported | 1986-04-05 |
| Date Updated | 1986-04-05 |
| Exploitation vector | cbz |
Description:
zxbczcbzzcxb
RVD#40: Previous firmware revisions to 11.2s2 are vulnerable to authentication bypass
{
"id": 40,
"title": "RVD#40: Previous firmware revisions to 11.2s2 are vulnerable to authentication bypass",
"type": "vulnerability",
"description": "After analyzing ABB\u2019s Service Box device in a black box fashion and discovered a severe authentication-bypass vulnerability that allows an attacker to read the configuration and some device information (e.g., event logs) without knowing the administrator password. This vulnerability was disclosed to the vendor (through ABB), which fixed the issue in the latest firmware revision (11.2s2).## Credits to Federico Maggi, Trend Micro Forward-Looking Threat Research, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, and Stefano Zanero, Politecnico di Milano",
"cwe": "CWE-Improper Authentication - Generic (CWE-287)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: ABB's Service Box",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "ABB's Service Box",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/40"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/40",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demonstration
| Input | Value |
|---|---|
| Robot | Demonstration |
| Vendor | Demonstration |
| CVE ID | N/A |
| CWE ID | Buffer Under-read (CWE-127) |
| RVSS Score | 5.4 |
| RVSS Vector | RVSS:1.0/AV:AN/AC:L/PR:H/UI:R/Y:Z/S:U/C:L/I:L/A:H/H:N |
| GitHub Account | Demonstration |
| Date Reported | 2018-08-09 |
| Date Updated | N/A |
| Exploitation vector | Demonstration |
Description:
Demonstration
RVD#9: Improper authorization mechanism in SoftBank's Pepper and NAO robots
{
"id": 9,
"title": "RVD#9: Improper authorization mechanism in SoftBank's Pepper and NAO robots ",
"type": "vulnerability",
"description": " Improper authorization mechanism in SoftBank's Pepper and NAO robots could allow remote attackers to gain unrestricted access to robot configuration and sensor data via an unsecured object proxy mechanism. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-285",
"cve": "None",
"keywords": [
"robot: NAO",
"robot: Pepper",
"vendor: SoftBank Robotics",
"vulnerability"
],
"system": "NAO / Pepper NAOqi",
"vendor": "SoftBank Robotics",
"severity": {
"rvss-score": 8.2,
"rvss-vector": "RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:M/S:U/C:H/I:H/A:L/H:U",
"severity-description": "High",
"cvss-score": 9.4,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/14"
],
"flaw": {
"phase": "testing",
"specificity": "general-issue",
"architectural-location": "platform code",
"application": "NaoQi",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Cesar Cerrudo and Lucas Apa from IOActive",
"detected-by-method": "Testing dynamic",
"date-reported": "2017-03-01",
"reported-by": "Alias Robotics",
"reported-by-relationship": "Security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/14",
"reproducibility": "Always",
"trace": "N/A",
"reproduction": "N/A",
"reproduction-image": "N/A"
},
"exploitation": {
"description": "N/A",
"exploitation-image": "N/A",
"exploitation-vector": "N/A"
},
"mitigation": {
"description": "N/A",
"pull-request": "N/A",
"date-mitigation": "N/A",
}
}Demo
| Input | Value |
|---|---|
| Robot | Sawyer |
| Vendor | Rethink Robotics |
| CVE ID | N/A |
| CWE ID | Client-Side Enforcement of Server-Side Security (CWE-602) |
| RVSS Score | 10.0 |
| RVSS Vector | RVSS:1.0/AV:RN/AC:L/PR:N/UI:R/Y:T/S:C/C:H/I:H/A:N/H:H |
| GitHub Account | Unaiayu |
| Date Reported | 2018-08-24 |
| Date Updated | N/A |
| Exploitation vector | Local network |
Description:
This is a second try
fgdgf
| Input | Value |
|---|---|
| Robot | UR5 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Buffer Over-read (CWE-126) |
| RVSS Score | 0.0 |
| RVSS Vector | RVSS:1.0/AV:L/AC:L/PR:H/UI:N/Y:U/S:U/C:N/I:N/A:N/H:U |
| GitHub Account | gf |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | werfg |
Description:
qwef
test
| Input | Value |
|---|---|
| Robot | Others |
| Vendor | N/A |
| CVE ID | N/A |
| CWE ID | Business Logic Errors (CWE-840) |
| RVSS Score | 5.9 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:L/PR:L/UI:R/Y:T/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | LanderU |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | Test |
Description:
Outside test
RVD#43: Unsecured network and command injection
{
"id": 43,
"title": "RVD#43: Unsecured network and command injection",
"type": "vulnerability",
"description": "Insecure network and command injection, network exposed services are an important attack vector. An attacker with read and write access to an FTP exposed file system can abuse network services to directly control the robot's actions.\r\n Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: IRB140's main computer",
"severity: critical",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "IRB140's main computer",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/43"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/43",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#36: The PAL Robotics REEM-C exposes Ethernet and USB ports.
{
"id": 36,
"title": "RVD#36: The PAL Robotics REEM-C exposes Ethernet and USB ports.",
"type": "vulnerability",
"description": "The PAL Robotics REEM-C exposes Ethernet and USB ports.Robot joints can be controlled over these ports, robot actions updated/changed or configurations modified. Connecting a special USB device, that act as a keyboard, can type malicious commands9 to the robot or change settings. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: REEM-C",
"severity: high",
"state: new",
"vendor: PAL Robotics",
"vulnerability"
],
"system": "REEM-C",
"vendor": "PAL Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:PP/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/36"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/36",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#3: Rovio improper implemented authentication
{
"id": 3,
"title": "RVD#3: Rovio improper implemented authentication",
"type": "vulnerability",
"description": " Improper implemented authentication mechanisms in WowWee Rovio could allow local network attackers to access sensitive information via web access to unsecure WebUI resources.On version 4.7b.201\r\n Credits to: Brian Dowling of Simplicity Communications disclosed this vulnerability to WowWee.",
"cwe": "CWE-Missing Authorization (CWE-862)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Rovio",
"severity: critical",
"state: new",
"vendor: WowWee",
"vulnerability"
],
"system": "Rovio",
"vendor": "WowWee",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:M/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/3"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2009-01-06",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2009-01-06",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/3",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#35: Pepper's head plastic lid can be easily removed to access the LAN port
{
"id": 35,
"title": "RVD#35: Pepper's head plastic lid can be easily removed to access the LAN port",
"type": "vulnerability",
"description": "Pepper's head plastic lid can be easily removed to access the LAN port. Port allows access to robot network services.Access to robot's network services can be achieved through these ports. Connecting an Ethernet cable allows sending commands/messages to robot services that are available through this interface. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Pepper",
"severity: high",
"state: new",
"vendor: SoftBank Robotics",
"vulnerability"
],
"system": "Pepper",
"vendor": "SoftBank Robotics",
"severity": {
"rvss-score": "8.4",
"rvss-vector": "RVSS:1.0/AV:PP/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
"severity-description": "high",
"cvss-score": 4.2,
"cvss-vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/35"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/35",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#1: VGo Robot vulnerability: OS Command Injection
{
"id": 1,
"title": "RVD#1: VGo Robot vulnerability: OS Command Injection",
"type": "vulnerability",
"description": "An attacker on an adjacent network could perform command injectionOn versions prior to VGo Robot 3.0.3.52164 are vulnerable: 3.0.3, 3.0.2, 2.1.0, 2.0.0, 1.5.5, 1.5.0, 1.4.2\r\n Credits to: Daniel Regalado from Zingbox reported this vulnerability to NCCIC.\r\n ",
"cwe": "CWE-OS Command Injection (CWE-78)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Vgo",
"severity: critical",
"state: new",
"vendor: Vecna",
"vulnerability"
],
"system": "VGo Robot",
"vendor": "Vecna",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:O/S:U/C:H/I:H/A:H/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/1"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2018-04-25 12:28:51",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2018-04-25 12:28:51",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/1",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}dsadsa
| Input | Value |
|---|---|
| Robot Component | Others |
| Vendor | N/A |
| CVE ID | N/A |
| CWE ID | CRLF Injection (CWE-93) |
| RVSS Score | 6.5 |
| RVSS Vector | RVSS:1.0/AV:RN/AC:L/PR:N/UI:R/Y:Z/S:U/C:H/I:N/A:N/H:U |
| GitHub Account | shit |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | shit |
Description:
shit
Demonstration
| Input | Value |
|---|---|
| Robot | Demonstration |
| Vendor | Demonstration |
| CVE ID | N/A |
| CWE ID | Buffer Under-read (CWE-127) |
| RVSS Score | 6.8 |
| RVSS Vector | RVSS:1.0/AV:RN/AC:L/PR:L/UI:R/Y:Z/S:U/C:L/I:L/A:H/H:N |
| GitHub Account | Demonstration |
| Date Reported | 2018-08-09 |
| Date Updated | N/A |
| Exploitation vector | Demonstration |
Description:
Demonstration
RVD#5: ROS vulnerability affecting Raven 2 Robot: Denial of Service
{
"id": 5,
"title": "RVD#5: ROS vulnerability affecting Raven 2 Robot: Denial of Service",
"type": "vulnerability",
"description": " Improper message verification in Applied Dexterity's Raven 2 could allow man-in-the-middle attackers cause a Denial-of-Service situation by sending out of safety-range commands and triggering the safety stop mechanism via spoofed network traffic. Credits to: Tamara Bonaci, Jeffrey Herron, Tariq Yusuf, Junjie Yan, Tadayoshi Kohno, Howard Jay Chizeck from the University of Washington",
"cwe": "CWE-Denial of Service (CWE-400)",
"cve": "None",
"keywords": [
"components software",
"robot component: ROS",
"severity: critical",
"vulnerability"
],
"system": "ROS",
"vendor": "N/A",
"severity": {
"rvss-score": 10.0,
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:Z/S:U/C:L/I:H/A:H/H:H",
"severity-description": "critical",
"cvss-score": 9.4,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/5"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2015-05-13",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2015-05-13",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/5",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": ""
}
}RVD#39: Remote Firmware Upgrade in Alpha 1S As
{
"id": 39,
"title": "RVD#39: Remote Firmware Upgrade in Alpha 1S As",
"type": "vulnerability",
"description": "It is possible to remotely upgrade the Alpha 1S firmware by sending an undocumented command through Bluetooth. Furthermore, binaries from UBTech are not cryptographically signed, in consequence, they could be replaced by malicious files that change the normal behaviour of the robots.\r\nThe following code from the EngineUpdateManager function on the Alpha 1S Android App downloads and installs an update file on the remote robot without checking the update's cryptographic integrity and authenticityIt is possible to upgrade its firmware by sending a special Bluetooth command and new firmware data. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Alpha 1S",
"severity: critical",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 1S",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:N/UI:N/Y:T/S:C/C:H/I:H/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/39"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/39",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Hacker Amateur
| Input | Value |
|---|---|
| Robot Component | ROS2 |
| Vendor | N/A |
| CVE ID | N/A |
| CWE ID | Cross-Site Request Forgery (CSRF) (CWE-352) |
| RVSS Score | 4.4 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:H/PR:H/UI:R/Y:T/S:U/C:H/I:L/A:N/H:N |
| GitHub Account | dmayoralv |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | EVERYWHERE |
Description:
Today is the DOOM DAY
Jajaka
| Input | Value |
|---|---|
| Robot | UR3 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Array Index Underflow (CWE-129) |
| RVSS Score | 5.6 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:N/UI:R/Y:Z/S:U/C:L/I:N/A:H/H:U |
| GitHub Account | Jajaja |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | Hahaha |
Description:
hdhshaj
test
| Input | Value |
|---|---|
| Robot | test |
| Vendor | test |
| CVE ID | N/A |
| CWE ID | Array Index Underflow (CWE-129) |
| RVSS Score | 0.0 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:H/PR:H/UI:R/Y:U/S:U/C:N/I:N/A:N/H:U |
| GitHub Account | test |
| Date Reported | 2010-02-02 |
| Date Updated | N/A |
| Exploitation vector | test |
Description:
test
dafd
| Input | Value |
|---|---|
| Robot | Pepper |
| Vendor | Softbank Robotics |
| CVE ID | N/A |
| CWE ID | Array Index Underflow (CWE-129) |
| RVSS Score | 5.7 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:L/UI:R/Y:Z/S:U/C:L/I:L/A:H/H:U |
| GitHub Account | aliasbot |
| Date Reported | 2017-03-01 |
| Date Updated | 2017-03-01 |
| Exploitation vector | dfsda |
Description:
dafgdfdaf
Demo
| Input | Value |
|---|---|
| Robot | UR10 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | CRLF Injection (CWE-93) |
| RVSS Score | 6.2 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:L/UI:R/Y:Z/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | Phone |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | Gska |
Description:
gjsjaj
dsadas
| Input | Value |
|---|---|
| Robot | Sawyer |
| Vendor | Rethink Robotics |
| CVE ID | N/A |
| CWE ID | Password in Configuration File/s (CWE-260) |
| RVSS Score | 6.5 |
| RVSS Vector | RVSS:1.0/AV:PR/AC:L/PR:L/UI:R/Y:T/S:U/C:H/I:N/A:H/H:U |
| GitHub Account | dsdsa |
| Date Reported | 2018-08-08 |
| Date Updated | N/A |
| Exploitation vector | dsadafa |
Description:
fdsfdsfs
RVD#41: Poor transport encryption
{
"id": 41,
"title": "RVD#41: Poor transport encryption",
"type": "vulnerability",
"description": "On previous firmware versions of ABB's Service BoxThe device has outdated cryptographic libraries or ciphers, as explained above, also fall in this category.Web-based administration interfaces are not always on HTTPS despite being the main access point for management. Credits to Federico Maggi, Trend Micro Forward-Looking Threat Research, Davide Quarta, Marcello Pogliani, Mario Polino, Andrea M. Zanchettin, and Stefano Zanero, Politecnico di Milano",
"cwe": "CWE-Inadequate Encryption Strength (CWE-326)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: ABB's Service Box",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "ABB's Service Box",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/41"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/41",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#14: Insecure transport in SoftBank's Pepper and NAO robot's Qi Protocol
{
"id": 14,
"title": "RVD#14: Insecure transport in SoftBank's Pepper and NAO robot's Qi Protocol",
"type": "vulnerability",
"description": "Insecure transport in SoftBank's Pepper and NAO robot's Qi Protocol could allow man-in-the-middle attackers to eavesdrop sensitive information or affect integrity of sent data.On all versions.",
"cwe": "CWE-319",
"cve": "N/A",
"keywords": [
"robot: NAO",
"robot: Pepper",
"severity: critical",
"vendor: SoftBank Robotics",
],
"system": "NAO / Pepper",
"vendor": "SoftBank Robotics",
"severity": {
"rvss-score": "7.5",
"rvss-vector": "RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:M/S:U/C:H/I:L/A:L/H:U",
"severity-description": "High",
"cvss-score": "8.6",
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/14"
],
"flaw": {
"phase": "testing",
"specificity": "general-issue",
"architectural-location": "platform code",
"application": "NaoQi",
"subsystem": "HTTP communication layer",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Cesar Cerrudo and Lucas Apa from IOActive",
"detected-by-method": "Testing dynamic",
"date-reported": "2017-03-01",
"reported-by": "Alias Robotics",
"reported-by-relationship": "Security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/14",
"reproducibility": "Always",
"trace": "N/A",
"reproduction": "N/A",
"reproduction-image": "N/A"
},
"exploitation": {
"description": "N/A",
"exploitation-image": "N/A",
"exploitation-vector": "N/A"
},
"mitigation": {
"description": "N/A",
"pull-request": "N/A",
"date-mitigation": null
}
}RVD#7: Missing authorization mechanisms in V-Sido OS
{
"id": 7,
"title": "RVD#7: Missing authorization mechanisms in V-Sido OS",
"type": "vulnerability",
"description": "Missing authorization mechanisms in Asratec's V-Sido OS could allow remote attackers to unauthorizedly control the robot.\r\n Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-CWE-862: Missing Authorization",
"cve": "None",
"keywords": [
"components software",
"robot component: V-Sido OS",
"severity: critical",
"state: new",
"vulnerability"
],
"system": "V-Sido OS",
"vendor": "Asratec",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:H/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/7"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/7",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demo
| Input | Value |
|---|---|
| Robot | Others |
| Vendor | N/A |
| CVE ID | N/A |
| CWE ID | Buffer Underflow (CWE-124) |
| RVSS Score | 7.9 |
| RVSS Vector | RVSS:1.0/AV:L/AC:L/PR:L/UI:N/Y:Z/S:C/C:H/I:N/A:H/H:E |
| GitHub Account | Dunai |
| Date Reported | 2018-08-24 |
| Date Updated | N/A |
| Exploitation vector | Local network |
Description:
Third try
RVD#12: Authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console
{
"id": 12,
"title": "RVD#12: Authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console",
"type": "vulnerability",
"description": " An authentication bypass vulnerability in SoftBank's Pepper and NAO robots's web console could allow remote attackers to gain access to restricted resources and alter settings via web browser request tampering. Affects all versions",
"cwe": "CWE-287",
"cve": "None",
"keywords": [
"robot: NAO",
"robot: Pepper",
"vendor: SoftBank Robotics",
"vulnerability"
],
"system": "NAO / Pepper",
"vendor": "SoftBank Robotics",
"severity": {
"rvss-score": 7.9,
"rvss-vector": "RVSS:1.0/AV:IN/AC:L/PR:N/UI:R/Y:M/S:U/C:H/I:H/A:H/H:N",
"severity-description": "High",
"cvss-score": 8.8,
"cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/"
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/14"
],
"flaw": {
"phase": "testing",
"specificity": "general-issue",
"architectural-location": "platform code",
"application": "NaoQi",
"subsystem": "web console",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Cesar Cerrudo and Lucas Apa from IOActive",
"detected-by-method": "Testing dynamic",
"date-reported": "2017-03-01",
"reported-by": "Alias Robotics",
"reported-by-relationship": "Security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/14",
"reproducibility": "Always",
"trace": "N/A",
"reproduction": "N/A",
"reproduction-image": "N/A"
},
"exploitation": {
"description": "N/A",
"exploitation-image": "N/A",
"exploitation-vector": "N/A"
},
"mitigation": {
"description": "N/A",
"pull-request": "N/A",
"date-mitigation": null
}
}Demonstration
| Input | Value |
|---|---|
| Robot | Demonstration |
| Vendor | Demonstration |
| CVE ID | N/A |
| CWE ID | Buffer Underflow (CWE-124) |
| RVSS Score | 5.2 |
| RVSS Vector | RVSS:1.0/AV:RN/AC:L/PR:H/UI:R/Y:Z/S:U/C:N/I:L/A:H/H:N |
| GitHub Account | Demonstration |
| Date Reported | 2018-08-09 |
| Date Updated | N/A |
| Exploitation vector | Demonstration |
Description:
Demonstration
RVD#37: Insecure Storage Exposing
{
"id": 37,
"title": "RVD#37: Insecure Storage Exposing",
"type": "vulnerability",
"description": "Exposing unencrypted storage cards such as SD Cards could allow attackers to change robot actions or any other downloadable content that is stored on this card.The android application from UBTech Alpha 2 does not remove the QR code generated from the SDCard once generated during the first robot pairing. This code contains the WiFi password that is configured on the robot.The SD card contains the pairing QR code with the robot's Wi-Fi password in plaintext. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Plaintext Storage of a Password (CWE-256)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Alpha 2",
"severity: high",
"state: new",
"vendor: UBTech Robotics",
"vulnerability"
],
"system": "Alpha 2",
"vendor": "UBTech Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:PP/AC:L/PR:N/UI:R/Y:T/S:C/C:L/I:L/A:N/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/37"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/37",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#15: Insecure transport in Universal Robots's robot-to-robot communications
{
"id": 15,
"title": "RVD#15: Insecure transport in Universal Robots's robot-to-robot communications ",
"type": "vulnerability",
"description": "Insecure transport in Universal Robots's robot-to-robot communications could allow man-in-the-middle attackers to eavesdrop sensitive information or affect integrity of sent data.On versions: Alpha2Services--0520-english-1.1.0.1.jar, Alpha2Services.jar Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Cleartext Transmission of Sensitive Information (CWE-319)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: UR10",
"robot: UR3",
"robot: UR5",
"severity: critical",
"state: new",
"vendor: Universal Robots",
"vulnerability"
],
"system": "UR3, UR5, UR10",
"vendor": "Universal Robots",
"severity": {
"rvss-score": 10.0,
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:L/H:H",
"severity-description": "critical",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf",
"https://ioactive.com/exploiting-industrial-collaborative-robots/",
"https://github.com/aliasrobotics/RVD/issues/15"
],
"flaw": {
"phase": "testing",
"specificity": "subject-specific",
"architectural-location": "application-specific code",
"application": "manipulation",
"subsystem": "actuation:manipulator",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Lucas Apa (IOActive)",
"detected-by-method": "testing violation",
"date-reported": "2017-03-01",
"reported-by": "Lucas Apa (IOActive)",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/6",
"reproducibility": "always",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Demo
| Input | Value |
|---|---|
| Robot | UR5 |
| Vendor | Universal Robots |
| CVE ID | N/A |
| CWE ID | Buffer Over-read (CWE-126) |
| RVSS Score | 3.4 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:H/PR:H/UI:R/Y:T/S:C/C:N/I:N/A:L/H:E |
| GitHub Account | Jdjd |
| Date Reported | 1989-09-09 |
| Date Updated | 1989-10-09 |
| Exploitation vector | Jdjdj |
Description:
sjjsjd
Demo
| Input | Value |
|---|---|
| Robot | Baxter |
| Vendor | Rethink Robotics |
| CVE ID | N/A |
| CWE ID | Client-Side Enforcement of Server-Side Security (CWE-602) |
| RVSS Score | 3.5 |
| RVSS Vector | RVSS:1.0/AV:PI/AC:H/PR:H/UI:R/Y:U/S:U/C:L/I:L/A:L/H:N |
| GitHub Account | Unaiayu |
| Date Reported | 2018-08-24 |
| Date Updated | N/A |
| Exploitation vector | Local network |
Description:
Tryal from Firefox
RVD#44: Weak authentication on robot's main computer
{
"id": 44,
"title": "RVD#44: Weak authentication on robot's main computer",
"type": "vulnerability",
"description": "Researchers discovered that an attacker can bypass the User Authentication System (UAS) because of several implementation flaws: \r\n1) disabled authentication during system boot\r\n2) use of a default user name (without a password) that cannot be changed or removed\r\n3) the use of a specific user that comes with a set of unchangeable hardcoded credentialsIt is possible to violate a robot\u2019s integrity through the control-loop alteration and calibration parameters tampering approaches described earlier. We wanted to overshoot the joints in order to collapse the robot on itself and force the servo motors beyond their physical, structural limits. Note that this attack is costly and potentially destructive because its goal is to damage the robot.Alternatively, an attacker could use the robot state alteration approach to repeatedly and abruptly start and stop a servo motor, causing electromechanical components, the brakes, and the servo motor to wear. Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
"cwe": "CWE-Improper Authentication - Generic (CWE-287)",
"cve": "None",
"keywords": [
"components hardware",
"malformed",
"robot component: IRB140's main computer",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "IRB140's main computer",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:H/UI:N/Y:T/S:U/C:N/I:H/A:L/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/44"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/44",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#16: Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor
{
"id": 16,
"title": "RVD#16: Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor",
"type": "vulnerability",
"description": "Insecure transport in Rethink Robotics's Baxter & Sawyer Task Editor could allow man-in-the-middle attackers to eavesdrop sensitive or security critical communications or affect integrity of sent data.On versions: All versions## Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Cleartext Transmission of Sensitive Information (CWE-319)",
"cve": "None",
"keywords": [
"components software",
"malformed",
"robot",
"robot component: Sawyer Task Editor",
"robot: Baxter",
"severity: critical",
"state: new",
"vendor: Rethink Robotics",
"vulnerability"
],
"system": "Baxter/Sawyer Task Editor",
"vendor": "Rethink Robotics",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:L/H:H",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/16"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-03-01",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/16",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}RVD#34: Universal Robots Controller supports wireless mouse/keyboards on their USB interface
{
"id": 34,
"title": "RVD#34: Universal Robots Controller supports wireless mouse/keyboards on their USB interface",
"type": "vulnerability",
"description": "Universal Robots Controller supports wireless mouse/keyboards on their USB interface. A special USB device acting as a keyboard can inject keystrokes to potentially change settings on the robot or manipulate actions.Robot joints can be controlled over these ports, robot actions updated/changed or configurations modified. Connecting a special USB device, that act as a keyboard, can type malicious commands to the robot or change settings. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
"cwe": "CWE-Command Injection - Generic (CWE-77)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: Universal Robots Controller",
"severity: high",
"state: new",
"vendor: Universal Robots",
"vulnerability"
],
"system": "Universal Robots Controller",
"vendor": "Universal Robots",
"severity": {
"rvss-score": 7.0,
"rvss-vector": "RVSS:1.0/AV:PI/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
"severity-description": "high",
"cvss-score": 4.2,
"cvss-vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"links": [
"https://ioactive.com/pdfs/Hacking-Robots-Before-Skynet-Technical-Appendix.pdf",
"https://ioactive.com/exploiting-industrial-collaborative-robots/",
"https://github.com/aliasrobotics/RVD/issues/34"
],
"flaw": {
"phase": "testing",
"specificity": "subject-specific",
"architectural-location": "application-specific code",
"application": "manipulation",
"subsystem": "actuation:manipulator",
"package": "N/A",
"languages": "None",
"date-detected": "2017-03-01",
"detected-by": "Lucas Apa (IOActive)",
"detected-by-method": "testing violation",
"date-reported": "2017-03-01",
"reported-by": "Lucas Apa (IOActive)",
"reported-by-relationship": "security researcher",
"issue": "https://github.com/aliasrobotics/RVD/issues/6",
"reproducibility": "always",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.