Description
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update.

This issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and ANEKSKLIENT.EXE up to 29.00.02.026

Beside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.
Published: 2026-06-01
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Hard‑coded credentials within KS‑SOMED enable an attacker to reach the FTP server that hosts update packages. With these credentials an attacker can upload a malicious update file, which may then be distributed to client machines and installed as a legitimate update. The weakness is a classic authentication flaw (CWE‑798) that potentially allows remote code execution on clients receiving the tampered update.

Affected Systems

The vulnerability affects KAMSOFT KS‑SOMED applications. Specifically, the KSPLUPDFTP.exe module up to version 30.00.00.056 and the ANEKSKLIENT.EXE module up to version 29.00.02.026 are impacted.

Risk and Exploitability

The CVSS score of 8.7 marks this issue as a high‑severity vulnerability. Although no EPSS score is available, the presence of hard‑coded credentials makes exploitation highly likely if an attacker can reach the FTP service. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is direct FTP traffic from environments that can reach the server; once the embedded credentials are used, the attacker can upload files and trigger code execution on downstream client systems.

Generated by OpenCVE AI on June 1, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade KS‑SOMED to a patched release that removes hard‑coded credentials and revokes read‑only restrictions on the FTP service.
  • Replace embedded credentials with secure authentication mechanisms and routinely rotate any system accounts.
  • Enhance the update deployment process by enforcing digital signatures, cryptographic checksums, and continuous monitoring for anomalous upload activity.
  • As a temporary measure, restrict external FTP access or add firewall rules to limit which IPs can connect to the update service.

Generated by OpenCVE AI on June 1, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Kamsoft
Kamsoft ks-somed
Vendors & Products Kamsoft
Kamsoft ks-somed

Mon, 01 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and ANEKSKLIENT.EXE up to 29.00.02.026 Beside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.
Title Hard-coded credentials in KS-SOMED
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Kamsoft Ks-somed
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-01T15:29:24.327Z

Reserved: 2026-04-25T11:31:56.229Z

Link: CVE-2026-42251

cve-icon Vulnrichment

Updated: 2026-06-01T15:29:20.512Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T15:16:35.060

Modified: 2026-06-01T16:37:15.140

Link: CVE-2026-42251

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:54:36Z

Weaknesses