OTPulse

Mobile Industrial Robots Vehicles and MiR Fleet Software

Priority: Act Now | CVSS: 9.8 | ICS-CERT: ICSA-21-280-02 | Published: Oct 7, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in MiR mobile robot software and MiR Fleet management software include privilege escalation, an integer overflow, improper access control, weak authentication, and insufficient encryption. These flaws affect MiR100, MiR200, MiR250, MiR500, and MiR1000 robots running software versions before 2.10.2.1, as well as MiR Fleet software. Successful exploitation could allow an attacker to take control of robots, exfiltrate data, escalate privileges, or deny service to the fleet.

What this means
What could happen
An attacker could gain complete control of MiR mobile robots, allowing them to stop production, alter robot behavior, steal sensitive data from the fleet, or create safety hazards on the factory floor.
Who's at risk
Manufacturing facilities operating MiR mobile robots (MiR100, MiR200, MiR250, MiR500, MiR1000) for materials handling, assembly support, or logistics. Also affected: any organization using MiR Fleet management software to coordinate multiple robots across a facility.
How it could be exploited
An attacker with network access to a MiR robot or fleet management system could exploit multiple authentication and authorization flaws to escalate privileges without credentials. Once inside, they could execute arbitrary commands on the robot, reconfigure its behavior, or access data stored on the device or fleet management network.
Prerequisites
  • Network access to MiR robot(s) or MiR Fleet management system
  • No valid credentials required for initial exploitation
Tags: remotely exploitable · no authentication required · low complexity · high CVSS 9.8 · no patch available yet · affects automated production systems
Exploitability
Moderate exploit probability (EPSS 2.3%)
Affected products (2), 2 with fix

Product                                                   Affected Versions   Fix Status
MiR100, MiR200, MiR250, MiR500, MiR1000 (MiR Robot Software)   < 2.10.2.1          Fixed in 2.10.2.1
MiR Fleet (MiR Fleet Software)                            < 2.10.2.1          Fixed in 2.10.2.1
Remediation & Mitigation

Do now
HARDENING: Change all default credentials (WiFi SSID and password) on every MiR robot immediately upon deployment
HARDENING: Isolate MiR robots and Fleet management systems from the business network using firewalls or network segmentation
HARDENING: Restrict network access to MiR robots to essential management interfaces only; do not expose them to the Internet
Schedule — requires maintenance window

Patching may require a device reboot — plan for process interruption

HOTFIX: Monitor the MiR distributor portal and apply software updates to version 2.10.2.1 or later when available

Long-term hardening
HARDENING: If remote access to MiR systems is required, use a VPN with current security patches and require multi-factor authentication