Mobile Industrial Robots MiR Software Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the web interface of Mobile Industrial Robots (MiR) software versions prior to 3.0.0, affecting both MiR Robots and MiR Fleet. This vulnerability allows for the execution of arbitrary JavaScript code in the browser of a victim user.

Impact

Exploitation of this vulnerability could lead to the execution of malicious JavaScript in the context of the victim's browser, potentially allowing for the theft of cookies, session tokens, or other sensitive information accessible through the browser.

Remediation

Users are advised to update to the latest software version, at least version 3.0.0. If an immediate update is not possible, it is recommended to operate the MiR system in a segmented and secured network with strict firewall rules and to secure user accounts on the MiR system as recommended in the MiR Cybersecurity Guide.