Hi All,
Our client has a KRC2 ed05 running KSS 5.4.11.
We have 4 users:
Operator - level 5
Co-ordinator - level 10
Expert - level 20
Admin - level 30
Other than Operator (kukaAuto) the other users have passwords.
I have attached an external keyboard, mouse and screen to the controller to do some changes on security.
While adding additional security features I noticed an alarming security vulnerability.
When I click on the status Bar I get a popup window allowing me to access the Windows XP operating environment by 'minimizing' the HMI - no matter what level user is logged in.
Once HMI is 'minimized' to Windows XP, I can change registry values and do anything an Admin can do. Very dangerous.
Can someone please point me to the file or parameters where I can limit access to the 'minimize' popup feature to say Expert level (20)?
I can't find any documentation on where this feature can be secured.
Many thanks.