CVE-2020-10635 : What You Need to Know

KUKA.Sim Pro version 3.1 is affected by a vulnerability related to the improper enforcement of message integrity during transmission in a communication channel.

Understanding CVE-2020-10635

This CVE involves a security issue in KUKA.Sim Pro version 3.1 that allows plaintext transmission of simulation models hosted by a server maintained by KUKA.

What is CVE-2020-10635?

The vulnerability in KUKA.Sim Pro version 3.1 allows for the transmission of simulation models in plaintext, potentially exposing sensitive information to unauthorized access.

The Impact of CVE-2020-10635

CVSS Base Score: 4.3 (Medium Severity)
Attack Vector: Network
Attack Complexity: Low
Integrity Impact: Low
User Interaction: Required
Scope: Unchanged
This vulnerability does not have an availability impact and requires user interaction for exploitation.

Technical Details of CVE-2020-10635

KUKA.Sim Pro version 3.1 vulnerability details and mitigation steps.

Vulnerability Description

The vulnerability involves the improper enforcement of message integrity during the transmission of simulation models in KUKA.Sim Pro version 3.1.

Affected Systems and Versions

Affected Product: Sim Pro
Vendor: KUKA
Affected Version: 3.1

Exploitation Mechanism

The vulnerability can be exploited by intercepting the plaintext transmission of simulation models from the server.

Mitigation and Prevention

Steps to mitigate and prevent the CVE-2020-10635 vulnerability.

Immediate Steps to Take

Upgrade KUKA.Sim Pro to Version 3.1.2 or above.
Ensure that the update is provided for users with a licensed Version 3.1.

Long-Term Security Practices

Regularly update software to the latest versions.
Implement encryption for sensitive data transmission.

Patching and Updates

Version 3.1 is the only affected version still maintained.
Previous versions of KUKA.Sim Pro, including Version 3.0, have been discontinued.