CVE-2022-2242

{"id": "CVE-2022-2242", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-10T11:15:08.047", "references": [{"url": "https://www.kuka.com/advisories-CVE-2022-2242", "tags": ["Mitigation", "Vendor Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."}, {"lang": "es", "value": "El KUKA SystemSoftware V/KSS en versiones anteriores a 8.6.5, es propenso a un control de acceso inapropiado, ya que un atacante no autorizado puede leer y escribir directamente las configuraciones del robot cuando el control de acceso no est\u00e1 disponible o no est\u00e1 habilitado (por defecto)"}], "lastModified": "2022-08-12T17:41:48.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kuka:systemsoftware_v\\/kss:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08A86D9F-4341-46E9-9F3A-492DFBAC2401", "versionEndExcluding": "8.6.5", "versionStartIncluding": "8.2"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}