22.

June 2021

Use of default passwords

Overview
The KSS uses a Windows account called „target” for internal processes. This windows
account has a shared default password and changing this password was not documented
in a central place. This default password could potentially be leveraged by third-parties to
access systems where the password has not been changed. An attacker with network
level access or physical access to the controller might be able to obtain administrative
access to the system this way. However we are not aware of any cases where this did
actually happen.

Overarching security concept considerations

We recommend to have customers perform their own risk assessment (in collaboration
with KUKA if needed) and, based on that, determine adequate mitigation steps (password
changes, external measures like network segmentation or limitation of physical access to
the system).

Performing password changes for all Windows accounts

We recommend to customize the passwords of all Windows accounts on the robot con-
troller. This includes the accounts„KukaUser“, „KukaSystem“, and „target“.

Please review the KSS version-specific remarks below and see the appendix for detailed
instructions: “Changing the initial passwords (only KSS”).

We offer additional solutions for customers with even higher protection requirements.
Please reach out to your technical contact for additional information.

Availability of the password change functionality and version specific issues

Overview:
KSS 8.7 KSS 8.6 KSS 8.5 KSS 8.3 KSS <= 8.2

Passwords change Yes Yes Up from Up from No

supported 8.5.2 8.3.34

Changed „target“ ac- Up from Up from No No -

count password will be 8.7.3 8.6.9
preserved across updates
External measures Alternatively or additionally external measures may be consid-
ered (e.g., network segmentation, restriction of physical ac-
cess).
KSS 8.7
• Passwords may be changed as documented below.
• A KSS update may reset the password of the Windows account “target” back to a
default value. We recommend to change the password again after performing a
KSS update. From KSS 8.7.3 onwards a changed password will be preserved
across updates.

KSS 8.6
• Passwords may be changed as documented below.
• A KSS update may reset the password of the Windows account “target” back to a
default value. We recommend to change the password again after performing a
KSS update. From KSS 8.6.9 onwards a changed password will be preserved
across updates.

KSS 8.5
• Passwords may be changed as documented below from KSS version 8.5.2 on-
wards. For versions before 8.5.2 we recommend to upgrade to version 8.5.9 at
first.
• A KSS update may reset the password of the Windows account “target” back to a
default value. We recommend to change the password again after performing a
KSS update.

KSS 8.3
• Passwords may be changed as documented below from KSS version 8.3.34 on-
wards. For versions before 8.3.34 we recommend to upgrade to version 8.3.43 at
first.
• A KSS update may reset the password of the Windows account “target” back to a
default value. We recommend to change the password again after performing a
KSS update.

KSS 8.2 and earlier

These versions are discontinued and not provided with updates anymore. A password
change is not supported. External measures might be required to restrict network-level
access and physical access to these systems.
Changing the initial passwords (only KSS)

Description
Changing initial passwords

• Change the initial passwords for the following users when starting up the system:
− KukaUser
− KukaSystem
− target

User

User name Description

Initial password
KukaUser When starting Windows, the user is automatically
logged on as “KukaUser”.
Initial password: belongs to the Windows user group “Administrators”.
68kuka1secpw59
KukaSystem The KukaSystem user has all access rights for the en-
tire system. It is used when starting the KSS.
Initial password: only known Belongs to the Windows user group “Administrators”.
internally at KUKA
target VxWorks users; for logging into the kernel system in
Windows.
Initial password: only known
internally at KUKA

KukaUser:

The initial password for the KukaUser is widely known. If it is not changed, this allows
unauthorized persons to log on to the system.

(>>> Changing the password for KukaUser)

KukaSystem/ target:

The initial passwords for these users can be changed without (!) having to be entered.
If they are not changed, this enables them to be changed later by unauthorized per-
sons.

Once an initial password has been changed, further changes are only possible if the
current password is known.

(>>> Changing the password for KukaSystem & target)

Changing the initial password for “KukaUser”

Description
When starting Windows, the user is automatically logged on with the following data:

• User name: KukaUser (Has administrator rights by default.)

• Password: 68kuka1secpw59

The password can be changed using the procedure described here.

If the changed password is lost, access to the Windows system is no longer pos-
sible – not even for KUKA.

Precondition

• Administrator access rights

• Windows interface
• Mouse and keyboard

Procedure
1. Press the Windows key and the R key simultaneously. The Run… window opens.
2. Enter the cmd command in the Open box and confirm with the Enter key. The
command window opens.
3. Enter the following command:

c:\krc\util\krcuserpw\changepwd.exe /u="kukauser" /op="OLD_PW"

/p="NEW_PW" /cp

Here, enter the current password instead of OLD_PW and the desired new password
instead of NEW_PW.

4. Confirm by pressing the Enter key.

The initial password is changed. There is no confirmation message. The change is

effective immediately.
Parameter

Parameter Description
/u= "…" User name
/op= "…" Current password

Upper and lower case are taken into consideration.

/p= "…" New password

Upper and lower case are taken into consideration.

/cp “Change password” command

A password must not contain quotation marks followed by another special char-
acter or space. The following examples are thus NOT possible:

• My"&password
• My" password

Log file
The change is logged in:

• C:\KRC\ROBOTER\LOG\_ChangePwd.log

The errors are also indicated here in plain text. Password changes via WorkVisual are
logged here, too.

Changing the initial password for “KukaSystem”

and “target”
The initial passwords of the following users can be changed without (!) having to be
entered:

• KukaSystem
• target

Each password can be changed using the procedure described here.

Once an initial password has been changed, further changes are only possible if the
current password is known.

If the changed password is lost, access to the Windows system is no longer pos-
sible – not even for KUKA.
Precondition

• Administrator access rights

• Windows interface
• Mouse and keyboard

Procedure for KUKASystem

1. Press the Windows key and the R key simultaneously. The Run… window opens.
2. Enter the cmd command in the Open box and confirm with the Enter key. The
command window opens.
3. Enter the following command:

c:\krc\util\krcuserpw\changepwd.exe /u="kukasystem"
/op="NEW_PW" /p="NEW_PW" /cp

When doing so, enter the desired new password instead of NEW_PW in both cases.

4. Confirm by pressing the Enter key.

The initial password is changed. There is no confirmation message. The change is

effective immediately.

Procedure for target

1. Press the Windows key and the R key simultaneously. The Run… window opens.
2. Enter the cmd command in the Open box and confirm with the Enter key. The
command window opens.
3. Enter the following command:

c:\krc\util\krcuserpw\changepwd.exe /u="target" /op="NEW_PW"

/p="NEW_PW" /cp

When doing so, enter the desired new password instead of NEW_PW in both cases.

For target: the maximum length of the password is 16 characters.

4. Confirm by pressing the Enter key.

5. Reboot the robot controller with the settings Cold start and Reload files.
Parameter

Parameter Description
/u= "…" User name
/op= "…" Current password

Upper and lower case are taken into consideration.

/p= "…" New password

Upper and lower case are taken into consideration.

/cp “Change password” command

A password must not contain quotation marks followed by another special char-
acter or space. The following examples are thus NOT possible:

• My"&password
• My" password

Log file
The change is logged in:

• C:\KRC\ROBOTER\LOG\_ChangePwd.log

The errors are also indicated here in plain text. Password changes via WorkVisual are
logged here, too.

Changing the password: return values

The command line supplies return values which can be checked in MS DOS via ER-
RORLEVELS. The return value is “0” if the password has been successfully changed.

Return values in the event of errors (positive integers):

Code Description
ERR_OPENFILE 0x0001 Error opening the KEC file
ERR_ARGMISMATCH 0x0002 No /u or /s parameter has
been specified.
ERR_ADDUSERTOGROUP 0x0004 The user cannot be added to
the group.
ERR_USERNAME_EMPTY 0x0008 No user name was specified
for “Change password”.
ERR_PASSWORD_EMPTY 0x0010 No new password was
specified for “Change
password”.
ERR_READINGUSER_KUKACONFIG 0x0020 The VxWorks user cannot
be read from kuka.config*
for “Change password”.
ERR_READINGPASSWORD_KUKACONFI 0x0040 The VxWorks password
G cannot be read from ku-
ka.config* for “Change
password”.
ERR_EXTRACTINGINFO_STARTKRCKEC 0x0080 The following data cannot
be read from StartKrc.kec
in the path C:\KRC for
“Change password”:

• User name, domain and

password of the KEC
user

ERR_WRITETARGETPASSWORD 0x0100 The changed password can-

not be written to ku-
ka.config* for “Change
password”.
ERR_OPENSOURCEKECFILE 0x0200 The contents of the existing
KEC file cannot be read
when creating the KEC file.
ERR_SETSTARTUSER 0x0400 Auto logon user cannot be
set for “Change password”.
ERR_GETSTARTUSER 0x0800 The start user cannot be
determined from the
StartUser.bin file for
“Change password”. Star-
tUser.bin path:

• System Software 8.3 to

8.5:
C:\Windows\System32
• System Software 8.6 or
higher:
C:\Windows\SysWOW6
4

ERR_COMMANDINPUTFILEACCESSERRO 0x1000 There is no response file

R with the options for the
password change or it can-
not be accessed.
ERR_WRONG_NONADMINPACKAGE 0x2000 The installed NonAdmin
version is not suitable for
the password change.
ERR_WRONG_CPCPACKAGE 0x4000 The installed CPC version
is not suitable for the pass-
word change.
ERR_TARGETPASSWORDTOOLONG 0x8000 The password for the user
“target” (= VxWorks user)
is too long. Maximum
length: 16 characters.

*Path of the kuka.config file: C:\KRC\ROBOTER\Config\System\Common\VxWin

Return values in the event of errors (negative numbers):

Code Description
ERROR_ACCESS_DENIED -5 The user does not have access rights.
ERROR_INVALID_PASSWORD -86 The user has entered an invalid pass-
word.
ERROR_INVALID_PARAMETER -87 Invalid parameter
NERR_InvalidComputer - Invalid computer name
2351
NERR_NotPrimary - The operation is only allowed on the
2226 primary domain controller.
NERR_UserNotFound - The user name could not be found.
2221
NERR_PasswordTooShort - Password too short
2245

The return values come from the NetUserchangePassword method. For reasons
of completeness, return values are also specified here which are not relevant for
the robot controller, e.g. NERR_PasswordTooShort.