CVE-2020-10273

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.

Related Vulnerabilities

CVE-2007-4961

HIGH
CVSS:7.5(High)

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd fie...

CWE-3112007

CVE-2016-10598

HIGH
CVSS:7.5(High)

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code ...

CWE-3112016

CVE-2016-10608

HIGH
CVSS:7.5(High)

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execut...

CWE-3112016

CVE-2017-12817

HIGH
CVSS:7.5(High)

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

CWE-3112017

CVE-2017-15581

HIGH
CVSS:7.5(High)

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a ...

CWE-3112017

CVE-2017-15609

HIGH
CVSS:7.5(High)

Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.

CWE-3112017