KUKA KR C4
Priority: Act Now · Score: 9.8 · ICS-CERT ICSA-21-208-01 · Jul 27, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
KUKA KR C4 robot controllers using KSS (KUKA System Software) contain hard-coded default credentials that allow unauthenticated remote shell access. The vulnerability affects all KSS versions and KR C4 models below version 8.7. KSS versions 8.2 and earlier are no longer supported by the vendor and cannot be patched. KSS 8.3 and later support password changes, but only if administrators actively change the defaults.
What this means
What could happen
An attacker with network access to a KUKA robot controller could gain unauthorized shell access and read sensitive information, potentially allowing them to reconfigure robot movements, alter production programs, or steal proprietary manufacturing data.
Who's at risk
Manufacturing facilities operating KUKA KR C4 robots with KSS (KUKA System Software) versions 8.2 and earlier, and all KR C4 models below version 8.7. Both new installations and legacy systems are at risk; older systems cannot change default passwords and are no longer supported.
How it could be exploited
An attacker on the network sends authentication requests to the robot controller's command interface using default credentials (hard-coded in the device). Once authenticated, the attacker gains shell-level access and can execute arbitrary commands on the controller's operating system.
Prerequisites
- Network connectivity to the KUKA robot controller on its command port
- Default credentials must remain unchanged (username and password set by factory)
Tags: remotely exploitable · no authentication required · low complexity · default credentials · no patch available
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2): 1 pending, 1 EOL

Product               | Affected Versions | Fix Status
----------------------|-------------------|-------------
KR C4 (all models)    | < 8.7             | No fix yet
KSS (all versions)    | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
- Workaround: Change default credentials on KSS 8.3 and later systems immediately
- Hardening: Isolate the robot controller network from the business network using a firewall; do not expose the controller directly to the Internet

Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption
- Hardening: Restrict physical access to the robot controller and its network connections
- Hardening: Contact KUKA support to discuss end-of-life options for KSS 8.2 and earlier systems
CVEs (2)