CVE-2022-2242

EUVD-2022-34520
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDECNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
kukasystemsoftware_v\/kss
8.2 ≤
𝑥
< 8.6.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.kuka.com/advisories-CVE-2022-2242
https://www.kuka.com/advisories-CVE-2022-2242