KUKA KR C4 Hardcoded Credentials Vulnerabilities (CVE-2021-33016/33014)

Vulnerability Key Information 1. Vulnerability Summary CVSS v3 Score: 9.8 Notes: Remotely exploitable / Low attack complexity Vendor: KUKA Device: KR C4 Vulnerability: Use of Hard-coded Credentials 2. Risk Assessment Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and shell access. 3. Technical Details 3.1 Affected Products KR C4: All versions prior to 8.7 KSS: All versions 3.2 Vulnerability Overview 3.2.1 Use of Hard-coded Credentials CWE-798 CVE ID: CVE-2021-33016 CVSS v3 Base Score: 9.8 CVSS Vector String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.2.2 Use of Hard-coded Credentials CWE-798 CVE ID: CVE-2021-33014 CVSS v3 Base Score: 8.8 CVSS Vector String: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 3.3 Background Critical Infrastructure Sector: Critical Manufacturing Deployment Countries/Regions: Global Company Headquarters Location: Germany 3.4 Researchers Reporter: Chen Jie from NSFOCUS 4. Mitigation Measures KUKA recommends users change the default password for KSS versions 8.3 and later, if possible. KSS versions 8.2 and earlier are no longer supported and do not allow password changes. CISA advises users to implement defensive measures to minimize the risk of exploitation of these vulnerabilities. Specific recommendations include: - Minimize network exposure of control systems, ensuring they are not directly accessible from the internet. - Place control system networks and remote devices behind firewalls and isolate them from business networks. - When remote access is required, use secure methods such as Virtual Private Networks (VPN), and ensure they are updated to the latest versions. 5. Additional Information No known public exploits specifically targeting these vulnerabilities. For more mitigation guidance, refer to relevant practices and strategies provided by CISA.

Goal Reached Thanks to every supporter — we hit 100%!

KUKA KR C4 Hardcoded Credentials Vulnerabilities (CVE-2021-33016/33014)

More from this source