Chen Jie

**Name of the Vulnerable Software and Affected Versions** KUKA KR C4 control software versions prior to 8.7 Any product running KSS **Description** The issue is related to the use of hard-coded credentials in the KUKA KR C4 control software and the KSS operating system. An attacker can exploit this to gain full access to the vulnerable system, specifically obtaining VxWorks Shell after login. This can be done remotely. **Recommendations** For KUKA KR C4 control software versions prior to 8.7, update to version 8.7 or later to resolve the issue. For any product running KSS, consider changing the default credentials to custom, secure ones to minimize the risk of exploitation. As a temporary workaround, restrict access to the system to prevent unauthorized login attempts until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** KUKA KR C4 control software versions prior to 8.7 Any product running KSS (affected versions not specified) **Description** The issue is related to hard-coded credentials in the system, allowing an attacker to gain full access, including read, write, and delete capabilities, to sensitive folders. This can be exploited by a remote attacker to gain full system access. **Recommendations** For KUKA KR C4 control software versions prior to 8.7, update to version 8.7 or later to resolve the issue. For products running KSS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.