ICSA-21-280-02 · Published 2021-10-07 · View on CISA ICS-CERT ↗

Mobile Industrial Robots Vehicles and MiR Fleet Software

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could lead to privilege escalation, data exfiltration, control of the robot, and a denial-of-service condition.

CVEs (10)

CVE-2017-7184 CVE-2017-18255 CVE-2020-10271 CVE-2020-10272 CVE-2020-10273 CVE-2020-10276 CVE-2020-10277 CVE-2020-10278 CVE-2020-10279 CVE-2020-10280

Remediations

MiR recommends users upgrade affected products to the latest version. New software versions can be found on the MiR Distributor portal (login required).
For more information, refer to MiR's security advisories page.
MiR instructs customers to explicitly change default credentials upon configuring the robots, including default SSID and password to the WiFi access point.

Affected Vendors

Mobile Industrial Robots (MiR)

Affected Products (2)

Mobile Industrial Robots (MiR) · MiR100 MiR200 MiR250 MiR500 MiR1000 in MiR Robot Software < 2.10.2.1

Mobile Industrial Robots (MiR) · MiR Fleet in MiR Fleet Software < 2.10.2.1

Affected Sectors

Critical Manufacturing, Healthcare and Public Health, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more