search

aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0
171 stars 31 forks source link

RVD#66: Download Code Without Integrity Check on IRB140's main computer #66

Open aliasbot opened 6 years ago

aliasbot commented 6 years ago 
{
    "id": 66,
    "title": "RVD#66: Download Code Without Integrity Check on IRB140's main computer",
    "type": "vulnerability",
    "description": "The boot image that the flex pendant downloads from the main computer is not signed and can be easily modified by an attacker who knows how to reverse engineer the file format\r\n \r\n  Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
    "cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
    "cve": "None",
    "keywords": [
        "components hardware",
        "robot component: IRB140's flex pendant",
        "severity: high",
        "state: new",
        "vendor: ABB",
        "vulnerability"
    ],
    "system": "IRB140's flex pendant",
    "vendor": "ABB",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:H/H:N",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/66"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-05-03",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-05-03",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/66",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}
github-actions[bot] commented 4 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.