aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#33: Baxter and Sawyer expose their LAN ports on the pedestal #33

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago
{
    "id": 33,
    "title": "RVD#33: Baxter and Sawyer expose their LAN ports on the pedestal",
    "type": "vulnerability",
    "description": "Baxter and Sawyer expose their LAN ports on the pedestal. These ports allow access to robot network services or add Modbus TCP capabilities.\r\nAccess to robot's network services can be achieved through these ports. Connecting an Ethernet cable allows sending commands/messages to robot services that are available through this interface. An attacker who successfully started a connection to the ROS Master service can disable collision avoidance and detection mechanisms. Credits to: Cesar Cerrudo and Lucas Apa from IOActive",
    "cwe": "CWE-Command Injection - Generic (CWE-77)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: Baxter",
        "robot: Sawyer",
        "severity: high",
        "state: new",
        "vendor: Rethink Robotics",
        "vulnerability"
    ],
    "system": "Baxter & Sawyer",
    "vendor": "Rethink Robotics",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:PI/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:H/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/33"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-03-01",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-03-01",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/33",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.
