Vulnerabilities Leave Automated Mobile Robots Susceptible to Attack

  • Issue

    October 12, 2021

  • Editor

    Paul Scott

  • Editor in Chief

    Amery Smock

  • Date

    10/7/2021

  • Analysis

    ICS Advisory (ICSA-21-280-02) details multiple vulnerabilities in Mobile Industrial Robots’ (MiR’s) line of Automated Mobile Robots (AMRs) [1]. Significant vulnerabilities include improper access control, missing authentication, missing encryption, weak encoding for passwords, and incorrect default permissions.

    For example, two application programming interfaces are accessible from both wired and wireless network interfaces. An actor could use the vulnerability to take control of a robot, cause a denial-of-service condition, or exfiltrate data over the web interface.

    MiR has produced more than 5,000 AMRs used to transport pallets and other loads. These AMRs operate in manufacturing facilities, logistics centers, and hospitals in more than 60 countries [2].

    As attackers could exploit these vulnerabilities to disrupt and delay the movement of materials across facilities, affecting overall production levels. We recommend MiR users plan to upgrade to the latest software version and change default credentials upon configuring the robots.

  • Sources

    [1] CISA ICS Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-280-02
    [2] Teradyne U.S. SEC Form 10-K submitted for 2020 https://investors.teradyne.com/static-files/cfd845ac-35c6-4a84-8e64-70fc2020c9d1

  • Analyst

    Joseph Agres

Previous Page | Back to Home

Subscribe

Note: The email address you provide will be stored and used for the sole purpose of sending the Industrial Cybersecurity Current Intelligence Digest. It will not otherwise be shared, sold, or intentionally disclosed. You may unsubscribe at any time by following the unsubscribe link included in each email.