Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for systemsoftware_v\/kss by kuka

    CVE-2022-2242 (GCVE-0-2022-2242)

    Vulnerability from nvd – Published: 2022-08-10 10:20 – Updated: 2024-09-17 00:07
    VLAI
    Title
    KUKA V/KSS WoV SH access control vulnerability
    Summary
    The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://www.kuka.com/advisories-CVE-2022-2242 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    KUKA SystemSoftware V/KSS Affected: 8.2 , < 8.6.5 (custom)
    Create a notification for this product.
    Date Public
    2022-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kuka.com/advisories-CVE-2022-2242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SystemSoftware V/KSS",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "8.6.5",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-10T10:20:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kuka.com/advisories-CVE-2022-2242"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64153"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "KUKA V/KSS WoV SH access control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-08-10T10:00:00.000Z",
              "ID": "CVE-2022-2242",
              "STATE": "PUBLIC",
              "TITLE": "KUKA V/KSS WoV SH access control vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SystemSoftware V/KSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.6.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kuka.com/advisories-CVE-2022-2242",
                  "refsource": "CONFIRM",
                  "url": "https://www.kuka.com/advisories-CVE-2022-2242"
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#64153"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-2242",
        "datePublished": "2022-08-10T10:20:19.887Z",
        "dateReserved": "2022-06-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:07:00.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2242 (GCVE-0-2022-2242)

    Vulnerability from cvelistv5 – Published: 2022-08-10 10:20 – Updated: 2024-09-17 00:07
    VLAI
    Title
    KUKA V/KSS WoV SH access control vulnerability
    Summary
    The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://www.kuka.com/advisories-CVE-2022-2242 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    KUKA SystemSoftware V/KSS Affected: 8.2 , < 8.6.5 (custom)
    Create a notification for this product.
    Date Public
    2022-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kuka.com/advisories-CVE-2022-2242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SystemSoftware V/KSS",
              "vendor": "KUKA",
              "versions": [
                {
                  "lessThan": "8.6.5",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-10T10:20:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kuka.com/advisories-CVE-2022-2242"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64153"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "KUKA V/KSS WoV SH access control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-08-10T10:00:00.000Z",
              "ID": "CVE-2022-2242",
              "STATE": "PUBLIC",
              "TITLE": "KUKA V/KSS WoV SH access control vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SystemSoftware V/KSS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.6.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "KUKA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.kuka.com/advisories-CVE-2022-2242",
                  "refsource": "CONFIRM",
                  "url": "https://www.kuka.com/advisories-CVE-2022-2242"
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#64153"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-2242",
        "datePublished": "2022-08-10T10:20:19.887Z",
        "dateReserved": "2022-06-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:07:00.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }