RVD icon indicating copy to clipboard operation
RVD copied to clipboard
verified publisher icon aliasrobotics

RVD#66: Download Code Without Integrity Check on IRB140's main computer

Open aliasbot opened this issue 7 years ago • 1 comments 

{
    "id": 66,
    "title": "RVD#66: Download Code Without Integrity Check on IRB140's main computer",
    "type": "vulnerability",
    "description": "The boot image that the flex pendant downloads from the main computer is not signed and can be easily modified by an attacker who knows how to reverse engineer the file format\r\n \r\n  Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
    "cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
    "cve": "None",
    "keywords": [
        "components hardware",
        "robot component: IRB140's flex pendant",
        "severity: high",
        "state: new",
        "vendor: ABB",
        "vulnerability"
    ],
    "system": "IRB140's flex pendant",
    "vendor": "ABB",
    "severity": {
        "rvss-score": "None",
        "rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:H/H:N",
        "severity-description": "",
        "cvss-score": 0,
        "cvss-vector": ""
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/66"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2017-05-03",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2017-05-03",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/66",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

aliasbot avatar Aug 27 '18 09:08 aliasbot

Feedback (automatically generated):

  • FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see Vulnerability report template for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 27 '19 17:10 github-actions[bot]