Mobile Industrial Robots MiR Software Information Disclosure Vulnerability

A vulnerability allowing information disclosure through error handling has been identified in Mobile Industrial Robots (MiR) software versions prior to 3.0.0. This vulnerability allows unauthenticated attackers to access verbose error pages that reveal detailed error information, including file paths and other sensitive data. Such information could potentially facilitate future exploitation attempts.

Impact

Exploitation of this vulnerability could lead to unauthorized access to detailed error information, which may include file paths and other sensitive data. This verbosity could assist attackers in planning and executing further attacks.

Remediation

Users are advised to update to the latest software version, at least version 3.0.0. If an immediate update is not possible, it is recommended to operate the MiR system in a segmented and secured network with strict firewall rules and to secure user accounts on the MiR system as outlined in the MiR Cybersecurity Guide.