An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01 | Third Party Advisory US Government Resource |
Configurations
History
08 Jun 2022, 12:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:kuka:kss:*:*:*:*:*:*:*:* cpe:2.3:h:kuka:kr_c4:-:*:*:*:*:*:*:* cpe:2.3:o:kuka:kr_c4_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 8.8 |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-01 - Third Party Advisory, US Government Resource |
26 May 2022, 17:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 17:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-33014
Mitre link : CVE-2021-33014
CVE.ORG link : CVE-2021-33014
JSON object : View
Products Affected
kuka
- kss
- kr_c4
- kr_c4_firmware
CWE
CWE-798
Use of Hard-coded Credentials