Security Advisories
Keeping your AMRs secure is a continuous process which extends throughout the lifecycle of the robots. As your supplier, MiR responsibly informs you about known security concerns and recommended mitigative actions.
On this page we publish advisories regarding known issues relating to Product Security. Please read them carefully to fully understand the possible risks and recommended mitigative actions.
Mobile Industrial Robots A/S expressly disclaims liability for any and all damages or injuries caused as a result of customer’s failure to operate the robot in strict compliance with the User Manuals, follow and implement the recommendations in the Security Advisories below.
CVE-2025-9229: Information Disclosure through verbose error pagesCVE-2025-8749: Path traversalCVE-2025-9225: Cross-site scriptingCVE-2025-9228: Insufficient authorization when creating notesCVE-2025-8748: Command injectionCVE-2021-44228: Log4Shell CVE-2017-7184, CVE-2017-18255: Local Attacker can Exploit Kernel VulnerabilitiesCVE-2020-10269: Default Passwords for Wireless Access PointsCVE-2020-10270: Predefined Credentials for the web InterfaceCVE-2020-10271, CVE-2020-10272: Interfaces Accessible without AuthenticationCVE-2020-10273: No Encryption on ArtifactsCVE-2020-10274, CVE-2020-10275: API Vulnerable via default Web CredentialsCVE-2020-10276: Default Passwords for safety PLCCVE-2020-10277: Boot from a connected USB drive.CVE-2020-10278: No Password Configured for the BIOSCVE-2020-10279: Insecure Defaults for RobotsCVE-2020-10280: DOS on Web Interface