search

aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0
171 stars 31 forks source link

RVD#4: ROS vulnerability affecting Raven 2 robot #4

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago 
{
    "id": 4,
    "title": "RVD#4: ROS vulnerability affecting Raven 2 robot",
    "type": "vulnerability",
    "description": " Improper message verification in Applied Dexterity's Raven 2 could allow man-in-the-middle attackers to modify and send arbitrary commands by spoofing network traffic. Credits to: Tamara Bonaci, Jeffrey Herron, Tariq Yusuf, Junjie Yan, Tadayoshi Kohno, Howard Jay Chizeck from the University of Washington.",
    "cwe": "CWE-Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CWE-924)",
    "cve": "None",
    "keywords": [
        "components software",
        "robot component: ROS",
        "severity: critical",
        "vulnerability"
    ],
    "system": "ROS",
    "vendor": "Applied Dexterity",
    "severity": {
        "rvss-score": 10.0,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:Z/S:U/C:L/I:H/A:H/H:H",
        "severity-description": "critical",
        "cvss-score": 9.4,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/4"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2015-05-13",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2015-05-13",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/4",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": ""
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.