Kuka KRC2 ed05 Click Status Bar to Get to Windows XP

Hi All,

Our client has a KRC2 ed05 running KSS 5.4.11.

We have 4 users:

Operator - level 5

Co-ordinator - level 10

Expert - level 20

Admin - level 30

Other than Operator (kukaAuto) the other users have passwords.

I have attached an external keyboard, mouse and screen to the controller to do some changes on security.

While adding additional security features I noticed an alarming security vulnerability.

When I click on the status Bar I get a popup window allowing me to access the Windows XP operating environment by 'minimizing' the HMI - no matter what level user is logged in.

Once HMI is 'minimized' to Windows XP, I can change registry values and do anything an Admin can do. Very dangerous.

Can someone please point me to the file or parameters where I can limit access to the 'minimize' popup feature to say Expert level (20)?

I can't find any documentation on where this feature can be secured.

Many thanks.

Quote from Fubini

Simple answer. There is no option to disallow this in KRC2 as far as I remember. KRC2 uses a Windows user account with administrative privileges. The Kuka HMI user accounts have nothing to do with the windows user account. There is a technology package KUKA.NONADMIN but I am not sure this was already available for KRC2. You could lookup the package in KUKA Xpert, see pinned topic READ FIRST if you do not already have an account.

Fubini

Thank you. I was hoping there was somewhere in MenueKeyKuka.ini, MenuKeyUser.ini, kuka_HMI.exe.config, SoftKeyKuka.ini or even the registry where I can simply disable the popup from appearing based on a user level limitation.

Quote from hermann

Remove mouse and keyboard.

unfortunately because of the work environment we have to leave the cabinet unlocked and so anyone can put a mouse in.

Quote from panic mode

no machine (computer) is ever safe as long as one has access to it's hardware. XP is long discontinued and there are no security patches. so change password, remove keyboard and mouse, put padlock on the cabinet door, don't leave the robot cabinet in a public parking lot. btw. connecting it to a network that is not secure is the same thing as leaving it outside....

You are correct of course. But in this environment we have to allow instant access to the cabinet. A hereditary issue. So a mouse can be plugged in but it would be unusual. I am trying to minimise after hour fiddling. It’s a 24 hour operation.

I was hoping there was somewhere in MenueKeyKuka.ini, MenuKeyUser.ini, kuka_HMI.exe.config, SoftKeyKuka.ini or even the registry where I can simply disable the popup from appearing based on a user level limitation.

Quote from MOM

I fully agree with panic mode.

As i have seen "normal users" only had the kcp.

Specialists had keyboard and mouse (locked in).

I can get Access via mouse and keyboard on all levels 5-30, Operator to Admin.

Display More

Quote from panic mode

have not seen KRC2 in a long time but as i recall, that is not supposed to happen unless one logs in.

I’ll have a look around this week and see why it is I can get access to mouse, keyboard and external screen no matter which user is logged in. We have duplicate kuka systems at this site, the other being a krc4, so much easier. Hopefully over time we can encourage the client to upgrade.

Quote from DannyDJ

Hello, by default when KSS is loaded, you can only work in KUKA HMI, usually to get to Windows side on KRC2, you have to first log in at least to Expert level, then by pressing the CTRL+ESC keys, the windows start menu pops-up...

Hi Danny. I recently re-installed 5.4.11 from the D partition iso.

The default boot is Operator level 5.

With a mouse and keyboard connected externally I am able to click on the STATUS BAR and get a popup offering to minimise the HMI.

Once i ‘minimize’ I have access to WindowsXP and from there can elevate privileges any way I wish..

So - I can access mouse and keyboard at the lowest level - dunno why then - and can access a very dangerous popup by clicking on the StatusBar - without the need for CTRL+ESC.

Quote from DannyDJ

I will try tommorrow this on KRC2ed 05, because usually when i work with KRC2's i work with directly KCP or remotely with TightVNC installed on the robot... You only reinstalled KSS? Not the windows XP? Maybe some already played with status bar on windows side so that is poping-up...

Thanks Danny. Only re-installed KSS. Keen to see what you come up with. There must be a way to control that popup somehow. That will solve the issue. Good luck.