An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01 | Third Party Advisory US Government Resource |
Configurations
History
08 Jun 2022, 12:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 8.8 |
CPE | cpe:2.3:o:kuka:kr_c4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:kuka:kr_c4:-:*:*:*:*:*:*:* cpe:2.3:o:kuka:kss:*:*:*:*:*:*:*:* |
|
First Time |
Kuka kss
Kuka kr C4 Firmware Kuka kr C4 Kuka |
26 May 2022, 17:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-33014
Mitre link : CVE-2021-33014
CVE.ORG link : CVE-2021-33014
JSON object : View
Products Affected
kuka
- kss
- kr_c4_firmware
- kr_c4
CWE
CWE-798
Use of Hard-coded Credentials