Version 3.1 is the only affected version that is still maintained. The update is provided for users with a licensed Version 3.1. KUKA recommends upgrading KUKA.Sim Pro to Version 3.1.2 or above to mitigate this vulnerability. CRITICAL INFRASTRUCTURE SECTORS: Manufacturingįederico Maggi of Trend Micro reported this vulnerability to CISA.A CVSS v3 base score of 4.3 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). When these devices request a model, the server transmits the model in plaintext.ĬVE-2020-10635 has been assigned to this vulnerability. Simulation models for these devices are hosted by a server maintained by KUKA. 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ENFORCEMENT OF MESSAGE INTEGRITY DURING TRANSMISSION IN A COMMUNICATION CHANNEL (CWE-924) KUKA.Sim Pro Version 3.1 simulation and machine-programming software is affected by this vulnerability. When tested on real machines, this effect is unpredictable. Successful exploitation of this vulnerability could result in a loss of integrity in external 3D models fetched from remote servers. Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel.ATTENTION: Exploitable remotely/low skill level to exploit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |