Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for ctrlX HMI Web Panel - WR21 (WR2110) by Rexroth

    CVE-2023-45844 (GCVE-0-2023-45844)

    Vulnerability from nvd – Published: 2023-10-25 13:07 – Updated: 2024-09-10 20:24
    VLAI
    Summary
    The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2107\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2107\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2110\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2110\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2115\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2115\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:29:32.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2107\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2107\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2110\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2110\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2115\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2115\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T20:05:44.966105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T20:24:25.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T13:07:15.053Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-45844",
        "datePublished": "2023-10-25T13:07:15.053Z",
        "dateReserved": "2023-10-18T09:35:22.486Z",
        "dateUpdated": "2024-09-10T20:24:25.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45220 (GCVE-0-2023-45220)

    Vulnerability from nvd – Published: 2023-10-25 14:15 – Updated: 2024-09-11 18:11
    VLAI
    Summary
    The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "RC7(Build date 20231107)",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T16:00:24.608539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:11:14.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve  sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:15:02.630Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-45220",
        "datePublished": "2023-10-25T14:15:02.630Z",
        "dateReserved": "2023-10-18T09:35:22.513Z",
        "dateUpdated": "2024-09-11T18:11:14.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43488 (GCVE-0-2023-43488)

    Vulnerability from nvd – Published: 2023-10-25 13:27 – Updated: 2024-09-17 14:06
    VLAI
    Summary
    The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:42.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T13:32:31.772490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:06:24.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T13:27:09.366Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-43488",
        "datePublished": "2023-10-25T13:27:09.366Z",
        "dateReserved": "2023-10-18T09:35:22.492Z",
        "dateUpdated": "2024-09-17T14:06:24.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41960 (GCVE-0-2023-41960)

    Vulnerability from nvd – Published: 2023-10-25 14:12 – Updated: 2024-09-12 14:29
    VLAI
    Summary
    The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:00:56.501041Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:29:20.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "CWE-926 Improper Export of Android Application Components",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:12:08.722Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41960",
        "datePublished": "2023-10-25T14:12:08.722Z",
        "dateReserved": "2023-10-18T09:35:22.502Z",
        "dateUpdated": "2024-09-12T14:29:20.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41372 (GCVE-0-2023-41372)

    Vulnerability from nvd – Published: 2023-10-25 14:13 – Updated: 2024-09-12 14:28
    VLAI
    Summary
    The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T18:51:52.995688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:28:34.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:13:34.827Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41372",
        "datePublished": "2023-10-25T14:13:34.827Z",
        "dateReserved": "2023-10-18T09:35:22.507Z",
        "dateUpdated": "2024-09-12T14:28:34.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41255 (GCVE-0-2023-41255)

    Vulnerability from nvd – Published: 2023-10-25 14:10 – Updated: 2024-09-12 14:30
    VLAI
    Summary
    The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:54:04.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:04:46.249983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:30:27.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol  exposed on the network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:10:50.626Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41255",
        "datePublished": "2023-10-25T14:10:50.626Z",
        "dateReserved": "2023-10-18T09:35:22.497Z",
        "dateUpdated": "2024-09-12T14:30:27.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45220 (GCVE-0-2023-45220)

    Vulnerability from cvelistv5 – Published: 2023-10-25 14:15 – Updated: 2024-09-11 18:11
    VLAI
    Summary
    The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "RC7(Build date 20231107)",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T16:00:24.608539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:11:14.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve  sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:15:02.630Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-45220",
        "datePublished": "2023-10-25T14:15:02.630Z",
        "dateReserved": "2023-10-18T09:35:22.513Z",
        "dateUpdated": "2024-09-11T18:11:14.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41372 (GCVE-0-2023-41372)

    Vulnerability from cvelistv5 – Published: 2023-10-25 14:13 – Updated: 2024-09-12 14:28
    VLAI
    Summary
    The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T18:51:52.995688Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:28:34.281Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:13:34.827Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41372",
        "datePublished": "2023-10-25T14:13:34.827Z",
        "dateReserved": "2023-10-18T09:35:22.507Z",
        "dateUpdated": "2024-09-12T14:28:34.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41960 (GCVE-0-2023-41960)

    Vulnerability from cvelistv5 – Published: 2023-10-25 14:12 – Updated: 2024-09-12 14:29
    VLAI
    Summary
    The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41960",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:00:56.501041Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:29:20.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "CWE-926 Improper Export of Android Application Components",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:12:08.722Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41960",
        "datePublished": "2023-10-25T14:12:08.722Z",
        "dateReserved": "2023-10-18T09:35:22.502Z",
        "dateUpdated": "2024-09-12T14:29:20.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41255 (GCVE-0-2023-41255)

    Vulnerability from cvelistv5 – Published: 2023-10-25 14:10 – Updated: 2024-09-12 14:30
    VLAI
    Summary
    The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2107 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2110 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*
    Create a notification for this product.
    boschrexroth ctrlx_hmi_web_panel_wr2115 Affected: 0 , < * (custom)
        cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:54:04.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2107",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2110",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr2115",
                "vendor": "boschrexroth",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T19:04:46.249983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T14:30:27.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol  exposed on the network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T14:10:50.626Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-41255",
        "datePublished": "2023-10-25T14:10:50.626Z",
        "dateReserved": "2023-10-18T09:35:22.497Z",
        "dateUpdated": "2024-09-12T14:30:27.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43488 (GCVE-0-2023-43488)

    Vulnerability from cvelistv5 – Published: 2023-10-25 13:27 – Updated: 2024-09-17 14:06
    VLAI
    Summary
    The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:42.209Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T13:32:31.772490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:06:24.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T13:27:09.366Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-43488",
        "datePublished": "2023-10-25T13:27:09.366Z",
        "dateReserved": "2023-10-18T09:35:22.492Z",
        "dateUpdated": "2024-09-17T14:06:24.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45844 (GCVE-0-2023-45844)

    Vulnerability from cvelistv5 – Published: 2023-10-25 13:07 – Updated: 2024-09-10 20:24
    VLAI
    Summary
    The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Rexroth ctrlX HMI Web Panel - WR21 (WR2107) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2110) Affected: all
    Create a notification for this product.
    Rexroth ctrlX HMI Web Panel - WR21 (WR2115) Affected: all
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2107\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2107\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2110\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2110\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rexroth ctrlx_hmi_web_panel_wr21\/wr2115\/ Affected: 0 , ≤ * (custom)
        cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\/wr2115\/:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:29:32.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2107\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2107\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2110\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2110\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rexroth:ctrlx_hmi_web_panel_wr21\\/wr2115\\/:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ctrlx_hmi_web_panel_wr21\\/wr2115\\/",
                "vendor": "rexroth",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45844",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T20:05:44.966105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T20:24:25.472Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
              "vendor": "Rexroth",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug)."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en-US"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-25T13:07:15.053Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2023-45844",
        "datePublished": "2023-10-25T13:07:15.053Z",
        "dateReserved": "2023-10-18T09:35:22.486Z",
        "dateUpdated": "2024-09-10T20:24:25.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }