Open
Description
{
"id": 66,
"title": "RVD#66: Download Code Without Integrity Check on IRB140's main computer",
"type": "vulnerability",
"description": "The boot image that the flex pendant downloads from the main computer is not signed and can be easily modified by an attacker who knows how to reverse engineer the file format\r\n \r\n Acknowledgement: Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero",
"cwe": "CWE-Download of Code Without Integrity Check (CWE-494)",
"cve": "None",
"keywords": [
"components hardware",
"robot component: IRB140's flex pendant",
"severity: high",
"state: new",
"vendor: ABB",
"vulnerability"
],
"system": "IRB140's flex pendant",
"vendor": "ABB",
"severity": {
"rvss-score": "None",
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:H/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/66"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2017-05-03",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2017-05-03",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/66",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}