search

aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0
175 stars 31 forks source link

RVD#43: Unsecured network and command injection #43

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago 
{
    "id": 43,
    "title": "RVD#43: Unsecured network and command injection",
    "type": "vulnerability",
    "description": "Insecure network and command injection, network exposed services are an important attack vector. An attacker with read and write access to an FTP exposed file system can abuse network services to directly control the robot's actions.\r\n  Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
    "cwe": "CWE-Command Injection - Generic (CWE-77)",
    "cve": "None",
    "keywords": [
        "components hardware",
        "robot component: IRB140's main computer",
        "severity: critical",
        "state: new",
        "vendor: ABB",
        "vulnerability"
    ],
    "system": "IRB140's main computer",
    "vendor": "ABB",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:N/I:H/A:N/H:H",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/43"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-05-03",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-05-03",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/43",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.