Víctor Mayoral Vilches

icon indicating a website link https://accelerationrobotics.com icon indicating an email [email protected]

icon company Acceleration Robotics icon location Vitoria, Spain icon location Roboticist. AI and security enthusiast.

Results 57 issues of Víctor Mayoral Vilches

RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0

4 comment

```yaml id: 3315 title: 'RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0' type: vulnerability description: This vulnerability applies to the Micro Air Vehicle Link (MAVLink)...

components software
vulnerability
severity: high
robot component: PX4
robot component: Ardupilot
robot component: MAVLink
version: 1.0
version: 2.0

RVD#922: SROS2 leaks node information

2 comment

```yaml cve: CVE-2019-19625 cwe: CWE-200 (Information Exposure) description: We found that SROS 2, the tools to generate and distribute keys for ROS 2 and use the underlying security plugins of...

severity: medium
components software
vulnerability
robot component: ROS2
version: dashing
exposure
package: sros2
version: eloquent

RVD#446: Confidentiality loss of the context of the connection during handshake in ROS 2

3 comment

```yaml { "id": 446, "title": "RVD#446: Confidentiality loss of the context of the connection during handshake in ROS 2", "type": "vulnerability", "description": "First reported at https://issues.omg.org/issues/DDSSEC12-13. Described later in more...

components software
vulnerability
robot component: ROS2
robot component: FastRTPS
vendor: eProsima
vendor: RTI
vendor: ADLINK
triage

RVD#1410: OpenSSH remote DoS in CB

2 comment

```yaml { "id": 1410, "title": "RVD#1410: OpenSSH remote DoS in CB", "type": "vulnerability", "description": "We found that the Universal Robots Controllers' file system based in Debian is subject to CVE-2016-6210...

vulnerability
vendor: Universal Robots
robot: UR3
robot: UR5
robot: UR10
severity: high
robot component: Universal Robots Controller

RVD#926: SROS2 leaks node information, regardless of rtps_protection_kind setup

1 comment

```yaml { "id": 926, "title": "RVD#926: SROS2 leaks node information, regardless of rtps_protection_kind setup", "type": "vulnerability", "description": "We found that regardless of the rtps_protection_kind configuration, SROS 2 leaks ROS 2...

severity: medium
components software
vulnerability
robot component: ROS2
version: dashing
package: sros2
version: eloquent

RVD#672: CB3.1 3.4.5-100 hard-coded public credentials for controller

1 comment

```yaml { "id": 672, "title": "RVD#672: CB3.1 3.4.5-100 hard-coded public credentials for controller", "type": "vulnerability", "description": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that...

severity: critical
vulnerability
vendor: Universal Robots
robot: UR3
robot: UR5
robot: UR10
robot component: Universal Robots Controller

Unable to reprogram FPGA and run NEW kernels in combination with XRT, affects both non-DFX and DFX base platforms

10 comment

#### Context This ticket's part of a debugging effort and connected to past issues including #69 #70 #71 and #72. While developing kernels it's common to test (also in `hw`...

Working on it

Consider "power attacks"

Probably as part of the physical layer.

Calculated port number is too high. Probably the domainId is over 232, there are too much participants created or portBase is too high.

2 comment

```bash root@d4896f2269d0:/tmp/aztarna# aztarna -t ros2 --passive any Exploring ROS_DOMAIN_ID from: 0 to 231 Scanning the network... Exploring ROS_DOMAIN_ID: 0 Exploring ROS_DOMAIN_ID: 1 Exploring ROS_DOMAIN_ID: 2 Exploring ROS_DOMAIN_ID: 3 Exploring ROS_DOMAIN_ID:...

Include lifecyle in --daemon

1 comment

We should fetch the information into the nodes and with the `key` lifecycle. See the following example of what should be included ```bash root@ac24ecabf79f:/tmp# ros2 lifecycle nodes /map_server /dwb_controller /global_costmap/global_costmap...