Lucene search

CERTVDECVELIST:CVE-2022-2242

HistoryAug 10, 2022 - 12:00 a.m.

CVE-2022-2242 KUKA V/KSS WoV SH access control vulnerability

2022-08-1000:00:00

CWE-306

CERTVDE

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).

CNA Affected

[
  {
    "product": "SystemSoftware V/KSS",
    "vendor": "KUKA",
    "versions": [
      {
        "lessThan": "8.6.5",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.kuka.com/advisories-CVE-2022-2242

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

Related for CVELIST:CVE-2022-2242