RVD icon indicating copy to clipboard operation
RVD copied to clipboard
verified publisher icon aliasrobotics

RVD#97: H-ROS API vulnerable to DoS attacks

Open aliasbot opened this issue 6 years ago • 2 comments 

{
    "id": 97,
    "title": "RVD#97: H-ROS API vulnerable to DoS attacks",
    "type": "vulnerability",
    "description": "The H-ROS API does not use any mechanism for limiting the requests that a user is able to perform in a determined set of time. This can lead to DoS attacks or premature wearing of the device.",
    "cwe": "CWE-Denial of Service (CWE-400)",
    "cve": "None",
    "keywords": [
        "malformed",
        "robot",
        "robot: MARA",
        "severity: high",
        "state: new",
        "vendor: Acutronic Robotics",
        "vulnerability"
    ],
    "system": "MARA",
    "vendor": "Acutronic Robotics",
    "severity": {
        "rvss-score": 7.5,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:Z/S:U/C:N/I:N/A:H/H:N",
        "severity-description": "high",
        "cvss-score": 7.5,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
    },
    "links": [
        "https://github.com/aliasrobotics/RVD/issues/97"
    ],
    "flaw": {
        "phase": "unknown",
        "specificity": "N/A",
        "architectural-location": "N/A",
        "application": "N/A",
        "subsystem": "N/A",
        "package": "N/A",
        "languages": "None",
        "date-detected": "2019-02-10",
        "detected-by": "",
        "detected-by-method": "N/A",
        "date-reported": "2019-02-10",
        "reported-by": "",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/97",
        "reproducibility": "",
        "trace": null,
        "reproduction": "",
        "reproduction-image": ""
    },
    "exploitation": {
        "description": "",
        "exploitation-image": "",
        "exploitation-vector": ""
    },
    "mitigation": {
        "description": "",
        "pull-request": "",
        "date-mitigation": null
    }
}

aliasbot avatar Mar 29 '19 14:03 aliasbot

Feedback (automatically generated):

  • FIXME: Flaw not identified as a vulnerability, weakness or exposure. Have you included # Vulnerability (or Weakness or Exposure) report at the top of the ticket?, see Vulnerability report template for more information or review other tickets to get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 27 '19 17:10 github-actions[bot]

Feedback (automatically generated):

  • FIXME: Robot or Robot component not present in summary table or invalid, see Vulnerability report template for more information or review other tickets and get inspiration

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

github-actions[bot] avatar Oct 29 '19 13:10 github-actions[bot]