Vulnerabilities Leave Automated Mobile Robots Susceptible to Attack
Issue
October 12, 2021
Editor
Paul Scott
Editor in Chief
Amery Smock
Date
10/7/2021
Analysis
ICS Advisory (ICSA-21-280-02) details multiple vulnerabilities in Mobile Industrial Robots’ (MiR’s) line of Automated Mobile Robots (AMRs) [1]. Significant vulnerabilities include improper access control, missing authentication, missing encryption, weak encoding for passwords, and incorrect default permissions.
For example, two application programming interfaces are accessible from both wired and wireless network interfaces. An actor could use the vulnerability to take control of a robot, cause a denial-of-service condition, or exfiltrate data over the web interface.
MiR has produced more than 5,000 AMRs used to transport pallets and other loads. These AMRs operate in manufacturing facilities, logistics centers, and hospitals in more than 60 countries [2].
Attackers could exploit these vulnerabilities to disrupt and delay the movement of materials across facilities, affecting overall production levels. We recommend that MiR users plan to upgrade to the latest software version and change default credentials when configuring the robots.
Sources
[1] CISA ICS Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
[2] Teradyne U.S. SEC Form 10-K submitted for 2020 https://investors.teradyne.com/static-files/cfd845ac-35c6-4a84-8e64-70fc2020c9d1