Mobile-industrial-robots Mir500 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Mobile-industrial-robots Mir500 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-10275 — CVSS 9.8 (critical): The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a…
CVE-2020-10276 — CVSS 9.8 (critical): The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded…
CVE-2020-10280 — CVSS 7.5 (high): The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking…
CVE-2020-10274 — CVSS 7.1 (high): The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from…
CVE-2020-10277 — CVSS 6.4 (medium): There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such…