The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively b

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this o

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible fil

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be u

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Giv

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentia

MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifac

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-con