ID

VAR-202208-0906


CVE

CVE-2022-2242


TITLE

Lack of authentication for critical features vulnerability in KUKA SystemSoftware V/KSS

Trust: 0.8

sources: JVNDB: JVNDB-2022-014195

DESCRIPTION

The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control, as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default). KUKA SystemSoftware V/KSS contains a vulnerability involving lack of authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2022-2242 // JVNDB: JVNDB-2022-014195

IOT TAXONOMY

category: ['industrial device'], sub_category: robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: kuka, model: systemsoftware v/kss, scope: gte, version: 8.2

Trust: 1.0

vendor: kuka, model: systemsoftware v/kss, scope: lt, version: 8.6.5

Trust: 1.0

vendor: kuka, model: systemsoftware v/kss, scope: eq, version: 8.2 or later, before 8.6.5

Trust: 0.8

vendor: kuka, model: systemsoftware v/kss, scope: eq, version: -

Trust: 0.8

vendor: kuka, model: systemsoftware v/kss, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014195 // NVD: CVE-2022-2242

CVSS

SEVERITY

CVSSV2

CVSSV3

info@cert.vde.com: CVE-2022-2242
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2022-014195
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202208-2710
value: CRITICAL

Trust: 0.6

info@cert.vde.com: CVE-2022-2242
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-014195
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014195 // CNNVD: CNNVD-202208-2710 // NVD: CVE-2022-2242

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014195 // NVD: CVE-2022-2242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2710

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2710

PATCH

title: KUKA SystemSoftware V/KSS Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203815

Trust: 0.6

sources: CNNVD: CNNVD-202208-2710

EXTERNAL IDS

db: NVD, id: CVE-2022-2242

Trust: 3.3

db: JVNDB, id: JVNDB-2022-014195

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2710

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-014195 // CNNVD: CNNVD-202208-2710 // NVD: CVE-2022-2242

REFERENCES

url:https://www.kuka.com/advisories-cve-2022-2242

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-2242

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2242/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-014195 // CNNVD: CNNVD-202208-2710 // NVD: CVE-2022-2242

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2022-014195
db: CNNVD, id: CNNVD-202208-2710
db: NVD, id: CVE-2022-2242

LAST UPDATE DATE

2025-01-30T20:52:26.972000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-014195, date: 2023-09-14T08:14:00
db: CNNVD, id: CNNVD-202208-2710, date: 2022-08-11T00:00:00
db: NVD, id: CVE-2022-2242, date: 2022-08-12T17:41:48.063

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-014195, date: 2023-09-14T00:00:00
db: CNNVD, id: CNNVD-202208-2710, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2022-2242, date: 2022-08-10T11:15:08.047