CISA security advisory: KUKA KR C4 Controller (27th Jul 2021)

Preface: The computer behind a robot's performance is the programmable logic controller (PLC). PLCs are able to control the robots and help them do their job at very specific times and points in the production process.

Product background: The KR C4 software architecture integrates Robot Control, PLC Control, Motion Control (e.g. KUKA.CNC) and Safety Control. All controllers share a database and infrastructure.

KUKA System Software (KSS)
In the case of the KR C4 compact robot controller, safety options such as SafeOperation are only available via the Ethernet safety interface from KSS/VSS 8.3 onwards. From KSS 8.3 and from motherboard D3236-K onwards: Board Package USB stick in the USB port.

Vulnerability details: Multiple vulnerabilities in KUKA KR C4

Vulnerable software versions
– KSS: All versions
– KR C4: before 8.7 (hardware)

For the possibility of this vulnerability, please refer to the attached diagram.

CISA security advisory: Please refer to the link – https://us-cert.cisa.gov/ics/advisories/icsa-21-208-01

Workaround: If you are not able to take any corrective action immediately, you should follow the vendor recommendation to install antivirus software to reinforce protection. Ikarus antivirus is the only one tested with KUKA; the vendor does not recommend any others, as only Ikarus has been tested.
