PT-2021-4026 · KUKA · KSS

Chen Jie · Published 2021-07-28 · Updated 2022-06-08 · CVE-2021-33014

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

KUKA KR C4 control software versions prior to 8.7
Any product running KSS

Description

The vulnerability stems from hard-coded credentials in the KUKA KR C4 control software and the KSS operating system. An attacker who authenticates with these credentials obtains a VxWorks shell on the controller and thereby full control of the system. The attack can be carried out remotely over the network.

Recommendations

For KUKA KR C4 control software versions prior to 8.7, update to version 8.7 or later, which resolves the issue. For any product running KSS, change the default credentials to unique, strong ones to reduce the risk of exploitation. Until the update is applied, restrict network access to the controller so that untrusted hosts cannot reach its login interface.
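The affected-version rule above is easy to get wrong when working through a fleet of controllers (the 8.7 boundary, missing version fields, products that are listed without a fixed version). The following script is an added example, not KUKA's code and not part of this advisory; it assumes a constructed inventory export with one controller per line in the form "<hostname>,<product>,<version>" and applies the rule as stated: KR C4 control software before 8.7 is affected, and any product running KSS is listed as affected. All hostnames and versions in it are made up.

```python
"""Inventory triage for the affected-version rule in this advisory.

Added example; it is not KUKA's code and not part of the advisory. It assumes
a constructed inventory export with one controller per line in the form
"<hostname>,<product>,<version>" and applies the rule stated above: KR C4
control software before 8.7 is affected, and any product running KSS is
listed as affected. Hostnames and versions below are made up.
"""
import re
from typing import List, Optional, Tuple

FIXED_VERSION = (8, 7)  # KR C4 control software 8.7 resolves the issue

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = """\
krc4-cell01,KR C4,8.3.29
krc4-cell02,KR C4,8.7.0
krc4-cell03,KR C4,8.6.7
kss-pkg07,KSS,8.6.1
krc4-cell04,KR C4,
smartpad-11,smartPAD,3.2.1
"""


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '8.3.29' into (8, 3, 29); return None when no dotted version is present."""
    m = re.search(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected(product: str, version: Optional[Tuple[int, ...]]) -> Tuple[bool, str]:
    """Apply the advisory's affected-version rule to one controller."""
    name = product.strip().upper().replace(" ", "")
    if name == "KSS":
        # Listed without a fixed version; flag for review regardless of version.
        return True, "advisory lists any product running KSS"
    if name == "KRC4":
        if version is None:
            # Unknown version: treat as affected until verified on the controller.
            return True, "version unknown; verify on the controller"
        if version[:2] < FIXED_VERSION:
            return True, "control software before 8.7"
        return False, "control software 8.7 or later"
    return False, "product not listed in the advisory"


def triage(inventory: str) -> List[dict]:
    """Return one finding per non-empty inventory line."""
    findings = []
    for lineno, raw in enumerate(inventory.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            # Malformed line: do not silently drop a controller from the audit.
            findings.append({"line": lineno, "host": line, "product": "?",
                             "version": None, "affected": True,
                             "reason": "malformed inventory line; review manually"})
            continue
        host, product, version_text = parts
        version = parse_version(version_text)
        affected, reason = is_affected(product, version)
        findings.append({"line": lineno, "host": host, "product": product,
                         "version": version, "affected": affected, "reason": reason})
    return findings


def affected_hosts(inventory: str) -> List[str]:
    """Hostnames that need the 8.7 update or network isolation, in inventory order."""
    return [f["host"] for f in triage(inventory) if f["affected"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        ver = ".".join(map(str, f["version"])) if f["version"] else "-"
        flag = "AFFECTED" if f["affected"] else "ok"
        print(f"{flag:<9}{f['host']:<14}{f['product']:<10}{ver:<8}{f['reason']}")
```

Controllers with an empty or unparseable version field are deliberately reported as affected rather than skipped, since a missing version is the usual way an unpatched controller disappears from a remediation list.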

Weakness Enumeration

CWE-798: Use of Hard-coded Credentials

Related Identifiers

BDU:2021-04553
CVE-2021-33014

Affected Products

KSS
KUKA KR C4
VxWorks