Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for kr_c4_firmware by kuka

    CVE-2021-33016 (GCVE-0-2021-33016)

    Vulnerability from nvd – Published: 2022-05-26 16:32 – Updated: 2025-04-16 16:18
    VLAI
    Title
    KUKA KR C4 - Use of Hard-Coded Credentials
    Summary
    An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Credits
    Chen Jie from NSFOCUS reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:39.412909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:18:06.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR C4",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "v8.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "KSS (KUKA.SystemSoftware)",
              "vendor": "KUKA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T16:32:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
            }
          ],
          "source": {
            "advisory": "ICSA-21-208-01",
            "discovery": "UNKNOWN"
          },
          "title": "KUKA KR C4 - Use of Hard-Coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-33016",
              "STATE": "PUBLIC",
              "TITLE": "KUKA KR C4 - Use of Hard-Coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR C4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v8.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "KSS (KUKA.SystemSoftware)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-21-208-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33016",
        "datePublished": "2022-05-26T16:32:36.000Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:18:06.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33014 (GCVE-0-2021-33014)

    Vulnerability from nvd – Published: 2022-05-26 16:33 – Updated: 2025-04-16 17:53
    VLAI
    Title
    KUKA KR C4 - Use of Hard-Coded Credentials
    Summary
    An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Credits
    Chen Jie from NSFOCUS reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:28:52.289380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:53:08.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR C4",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "v8.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "KSS (KUKA.SystemSoftware)",
              "vendor": "KUKA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T16:33:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
            }
          ],
          "source": {
            "advisory": "ICSA-21-208-01",
            "discovery": "UNKNOWN"
          },
          "title": "KUKA KR C4 - Use of Hard-Coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-33014",
              "STATE": "PUBLIC",
              "TITLE": "KUKA KR C4 - Use of Hard-Coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR C4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v8.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "KSS (KUKA.SystemSoftware)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-21-208-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33014",
        "datePublished": "2022-05-26T16:33:08.000Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:53:08.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10268 (GCVE-0-2020-10268)

    Vulnerability from nvd – Published: 2020-06-16 17:55 – Updated: 2024-09-16 18:59
    VLAI
    Title
    RVD#2550: Terminate Critical Services in KUKA controller KR C4
    Summary
    Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2020-06-16 00:00
    Credits
    Alias Robotics (group, https://aliasrobotics.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:58:40.108Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/aliasrobotics/RVD/issues/2550"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
              "vendor": "KUKA Roboter GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alias Robotics (group, https://aliasrobotics.com)"
            }
          ],
          "datePublic": "2020-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-16T17:55:11.000Z",
            "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
            "shortName": "Alias"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/RVD/issues/2550"
            }
          ],
          "source": {
            "defect": [
              "RVD#2550"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RVD#2550: Terminate Critical Services in KUKA controller KR C4",
          "x_ConverterErrors": {
            "cvssV3_0": {
              "error": "CVSSV3_0 data from v4 record is invalid",
              "message": "Malformed CVSS3 vector, trailing \"/\""
            }
          },
          "x_generator": {
            "engine": "Robot Vulnerability Database (RVD)"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@aliasrobotics.com",
              "DATE_PUBLIC": "2020-06-16T17:49:11 +00:00",
              "ID": "CVE-2020-10268",
              "STATE": "PUBLIC",
              "TITLE": "RVD#2550: Terminate Critical Services in KUKA controller KR C4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA Roboter GmbH"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Alias Robotics (group, https://aliasrobotics.com)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
                }
              ]
            },
            "generator": {
              "engine": "Robot Vulnerability Database (RVD)"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "medium",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-749"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/aliasrobotics/RVD/issues/2550",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/aliasrobotics/RVD/issues/2550"
                }
              ]
            },
            "source": {
              "defect": [
                "RVD#2550"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "assignerShortName": "Alias",
        "cveId": "CVE-2020-10268",
        "datePublished": "2020-06-16T17:55:11.700Z",
        "dateReserved": "2020-03-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:59:43.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33014 (GCVE-0-2021-33014)

    Vulnerability from cvelistv5 – Published: 2022-05-26 16:33 – Updated: 2025-04-16 17:53
    VLAI
    Title
    KUKA KR C4 - Use of Hard-Coded Credentials
    Summary
    An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Credits
    Chen Jie from NSFOCUS reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:20.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:28:52.289380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:53:08.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR C4",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "v8.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "KSS (KUKA.SystemSoftware)",
              "vendor": "KUKA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T16:33:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
            }
          ],
          "source": {
            "advisory": "ICSA-21-208-01",
            "discovery": "UNKNOWN"
          },
          "title": "KUKA KR C4 - Use of Hard-Coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-33014",
              "STATE": "PUBLIC",
              "TITLE": "KUKA KR C4 - Use of Hard-Coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR C4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v8.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "KSS (KUKA.SystemSoftware)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-21-208-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33014",
        "datePublished": "2022-05-26T16:33:08.000Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:53:08.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33016 (GCVE-0-2021-33016)

    Vulnerability from cvelistv5 – Published: 2022-05-26 16:32 – Updated: 2025-04-16 16:18
    VLAI
    Title
    KUKA KR C4 - Use of Hard-Coded Credentials
    Summary
    An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Credits
    Chen Jie from NSFOCUS reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33016",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:39.412909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:18:06.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR C4",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "v8.7",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "KSS (KUKA.SystemSoftware)",
              "vendor": "KUKA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T16:32:36.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
            }
          ],
          "source": {
            "advisory": "ICSA-21-208-01",
            "discovery": "UNKNOWN"
          },
          "title": "KUKA KR C4 - Use of Hard-Coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2021-33016",
              "STATE": "PUBLIC",
              "TITLE": "KUKA KR C4 - Use of Hard-Coded Credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR C4",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "v8.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "KSS (KUKA.SystemSoftware)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chen Jie from NSFOCUS reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01"
                }
              ]
            },
            "source": {
              "advisory": "ICSA-21-208-01",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-33016",
        "datePublished": "2022-05-26T16:32:36.000Z",
        "dateReserved": "2021-05-13T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:18:06.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10268 (GCVE-0-2020-10268)

    Vulnerability from cvelistv5 – Published: 2020-06-16 17:55 – Updated: 2024-09-16 18:59
    VLAI
    Title
    RVD#2550: Terminate Critical Services in KUKA controller KR C4
    Summary
    Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2020-06-16 00:00
    Credits
    Alias Robotics (group, https://aliasrobotics.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:58:40.108Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/aliasrobotics/RVD/issues/2550"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
              "vendor": "KUKA Roboter GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alias Robotics (group, https://aliasrobotics.com)"
            }
          ],
          "datePublic": "2020-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-16T17:55:11.000Z",
            "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
            "shortName": "Alias"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/aliasrobotics/RVD/issues/2550"
            }
          ],
          "source": {
            "defect": [
              "RVD#2550"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RVD#2550: Terminate Critical Services in KUKA controller KR C4",
          "x_ConverterErrors": {
            "cvssV3_0": {
              "error": "CVSSV3_0 data from v4 record is invalid",
              "message": "Malformed CVSS3 vector, trailing \"/\""
            }
          },
          "x_generator": {
            "engine": "Robot Vulnerability Database (RVD)"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@aliasrobotics.com",
              "DATE_PUBLIC": "2020-06-16T17:49:11 +00:00",
              "ID": "CVE-2020-10268",
              "STATE": "PUBLIC",
              "TITLE": "RVD#2550: Terminate Critical Services in KUKA controller KR C4"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA Roboter GmbH"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Alias Robotics (group, https://aliasrobotics.com)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
                }
              ]
            },
            "generator": {
              "engine": "Robot Vulnerability Database (RVD)"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "medium",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-749"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/aliasrobotics/RVD/issues/2550",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/aliasrobotics/RVD/issues/2550"
                }
              ]
            },
            "source": {
              "defect": [
                "RVD#2550"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "assignerShortName": "Alias",
        "cveId": "CVE-2020-10268",
        "datePublished": "2020-06-16T17:55:11.700Z",
        "dateReserved": "2020-03-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:59:43.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }