Search criteria
22 vulnerabilities by Bosch Rexroth AG
CVE-2025-48862 (GCVE-0-2025-48862)
Vulnerability from cvelistv5 – Published: 2025-08-14 09:08 – Updated: 2025-08-14 15:46
VLAI?
Summary
Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Setup |
Affected:
1.20.0 , ≤ 1.20.1
(custom)
Affected: 2.6.0 , ≤ 2.6.1 (custom) Affected: 3.6.0 , ≤ 3.6.2 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T15:46:31.569740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T15:46:38.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Setup",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key -\u00a0if available in the backup - is encrypted, while the backup file itself remains unencrypted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1104",
"description": "CWE-1104 Use of Unmaintained Third Party Components",
"lang": "en-US"
},
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:08:01.853Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-48862",
"datePublished": "2025-08-14T09:08:01.853Z",
"dateReserved": "2025-05-27T10:45:32.638Z",
"dateUpdated": "2025-08-14T15:46:38.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48861 (GCVE-0-2025-48861)
Vulnerability from cvelistv5 – Published: 2025-08-14 09:07 – Updated: 2025-08-14 15:47
VLAI?
Summary
A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Setup |
Affected:
1.20.0 , ≤ 1.20.1
(custom)
Affected: 2.6.0 , ≤ 2.6.1 (custom) Affected: 3.6.0 , ≤ 3.6.2 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T15:46:48.369443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T15:47:23.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Setup",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed\u00a0a remote, unauthenticated attacker to access and extract internal application data,\u00a0including potential debug logs and the version of installed apps."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:07:24.465Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-48861",
"datePublished": "2025-08-14T09:07:24.465Z",
"dateReserved": "2025-05-27T10:45:32.638Z",
"dateUpdated": "2025-08-14T15:47:23.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48860 (GCVE-0-2025-48860)
Vulnerability from cvelistv5 – Published: 2025-08-14 09:06 – Updated: 2025-08-15 03:55
VLAI?
Summary
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Setup |
Affected:
1.20.0 , ≤ 1.20.1
(custom)
Affected: 2.6.0 , ≤ 2.6.1 (custom) Affected: 3.6.0 , ≤ 3.6.2 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T03:55:37.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Setup",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application of the ctrlX OS setup mechanism facilitated\u00a0an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup\u00a0archive, the attacker may have been able to access sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T09:06:36.594Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-129652.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-48860",
"datePublished": "2025-08-14T09:06:36.594Z",
"dateReserved": "2025-05-27T10:45:32.638Z",
"dateUpdated": "2025-08-15T03:55:37.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27532 (GCVE-0-2025-27532)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:49 – Updated: 2025-04-30 14:08
VLAI?
Summary
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
Severity ?
6.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:07:36.369370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:08:31.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cBackup \u0026 Restore\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:49:02.687Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-27532",
"datePublished": "2025-04-30T11:49:02.687Z",
"dateReserved": "2025-02-28T12:47:36.247Z",
"dateUpdated": "2025-04-30T14:08:31.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24351 (GCVE-0-2025-24351)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:47 – Updated: 2025-08-27 20:43
VLAI?
Summary
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.20.0 , ≤ 1.20.7
(custom)
Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T03:55:12.845453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:43:01.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cRemote Logging\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user \u201croot\u201d via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:47:00.441Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24351",
"datePublished": "2025-04-30T11:47:00.441Z",
"dateReserved": "2025-01-20T15:09:10.534Z",
"dateUpdated": "2025-08-27T20:43:01.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24350 (GCVE-0-2025-24350)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:45 – Updated: 2025-04-30 14:23
VLAI?
Summary
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
Severity ?
7.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:19:36.466932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:23:43.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cCertificates and Keys\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:45:52.088Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24350",
"datePublished": "2025-04-30T11:45:52.088Z",
"dateReserved": "2025-01-20T15:09:10.534Z",
"dateUpdated": "2025-04-30T14:23:43.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24349 (GCVE-0-2025-24349)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:44 – Updated: 2025-04-30 14:30
VLAI?
Summary
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.
Severity ?
7.1 (High)
CWE
- CWE-183 - Permissive List of Allowed Inputs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:30:15.140761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:30:33.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-183",
"description": "CWE-183 Permissive List of Allowed Inputs",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:44:33.547Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24349",
"datePublished": "2025-04-30T11:44:33.547Z",
"dateReserved": "2025-01-20T15:09:10.534Z",
"dateUpdated": "2025-04-30T14:30:33.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24348 (GCVE-0-2025-24348)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:42 – Updated: 2025-04-30 14:34
VLAI?
Summary
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:34:00.567080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:34:17.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:42:54.314Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24348",
"datePublished": "2025-04-30T11:42:54.314Z",
"dateReserved": "2025-01-20T15:09:10.534Z",
"dateUpdated": "2025-04-30T14:34:17.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24347 (GCVE-0-2025-24347)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:41 – Updated: 2025-04-30 14:35
VLAI?
Summary
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
Severity ?
6.5 (Medium)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:35:11.535734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:35:23.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cNetwork Interfaces\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:41:39.707Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24347",
"datePublished": "2025-04-30T11:41:39.707Z",
"dateReserved": "2025-01-20T15:09:10.533Z",
"dateUpdated": "2025-04-30T14:35:23.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24346 (GCVE-0-2025-24346)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:39 – Updated: 2025-08-27 20:43
VLAI?
Summary
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.
Severity ?
7.5 (High)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T03:55:11.477767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:43:01.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cProxy\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the \u201c/etc/environment\u201d file via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:39:42.899Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24346",
"datePublished": "2025-04-30T11:39:42.899Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-08-27T20:43:01.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24345 (GCVE-0-2025-24345)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:35 – Updated: 2025-04-30 14:44
VLAI?
Summary
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.
Severity ?
6.3 (Medium)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.20.0 , ≤ 1.20.7
(custom)
Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:43:57.951337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:44:15.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cHosts\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the \u201chosts\u201d file in an unintended manner via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:35:44.628Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24345",
"datePublished": "2025-04-30T11:35:44.628Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T14:44:15.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24344 (GCVE-0-2025-24344)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:33 – Updated: 2025-04-30 14:52
VLAI?
Summary
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.
Severity ?
6.3 (Medium)
CWE
- CWE-81 - Improper Neutralization of Script in an Error Message Web Page
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Solutions |
Affected:
1.12.0 , ≤ 1.12.1
(custom)
Affected: 1.20.0 , ≤ 1.20.1 (custom) Affected: 2.6.0 , ≤ 2.6.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:51:59.902497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:52:12.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Solutions",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user\u0027s browser via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-81",
"description": "CWE-81 Improper Neutralization of Script in an Error Message Web Page",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:33:44.949Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24344",
"datePublished": "2025-04-30T11:33:44.949Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T14:52:12.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24343 (GCVE-0-2025-24343)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:26 – Updated: 2025-04-30 15:07
VLAI?
Summary
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.
Severity ?
5.4 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Solutions |
Affected:
1.12.0 , ≤ 1.12.1
(custom)
Affected: 1.20.0 , ≤ 1.20.1 (custom) Affected: 2.6.0 , ≤ 2.6.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:06:49.455305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:07:05.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Solutions",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:26:51.681Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24343",
"datePublished": "2025-04-30T11:26:51.681Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T15:07:05.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24342 (GCVE-0-2025-24342)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:25 – Updated: 2025-04-30 15:08
VLAI?
Summary
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:07:26.811208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:08:39.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:25:35.615Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24342",
"datePublished": "2025-04-30T11:25:35.615Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T15:08:39.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24341 (GCVE-0-2025-24341)
Vulnerability from cvelistv5 – Published: 2025-04-30 11:14 – Updated: 2025-04-30 15:11
VLAI?
Summary
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:09:35.775128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:11:57.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:14:47.046Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24341",
"datePublished": "2025-04-30T11:14:47.046Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T15:11:57.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24340 (GCVE-0-2025-24340)
Vulnerability from cvelistv5 – Published: 2025-04-30 10:59 – Updated: 2025-04-30 15:44
VLAI?
Summary
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
Severity ?
6.5 (Medium)
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:44:20.325238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:44:38.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T10:59:06.633Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24340",
"datePublished": "2025-04-30T10:59:06.633Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T15:44:38.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24339 (GCVE-0-2025-24339)
Vulnerability from cvelistv5 – Published: 2025-04-30 10:54 – Updated: 2025-04-30 15:46
VLAI?
Summary
A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.
Severity ?
5 (Medium)
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Device Admin |
Affected:
1.12.0 , ≤ 1.12.9
(custom)
Affected: 1.20.0 , ≤ 1.20.7 (custom) Affected: 2.6.0 , ≤ 2.6.8 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:45:21.095944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:46:30.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Device Admin",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.9",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.7",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.8",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T11:01:15.158Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24339",
"datePublished": "2025-04-30T10:54:56.607Z",
"dateReserved": "2025-01-20T15:09:10.532Z",
"dateUpdated": "2025-04-30T15:46:30.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24338 (GCVE-0-2025-24338)
Vulnerability from cvelistv5 – Published: 2025-04-30 10:51 – Updated: 2025-08-27 20:43
VLAI?
Summary
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.
Severity ?
7.1 (High)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX OS - Solutions |
Affected:
1.12.0 , ≤ 1.12.1
(custom)
Affected: 1.20.0 , ≤ 1.20.1 (custom) Affected: 2.6.0 , ≤ 2.6.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T03:55:08.723563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:43:01.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX OS - Solutions",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "1.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.1",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user\u0027s browser via multiple crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T10:52:19.828Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2025-24338",
"datePublished": "2025-04-30T10:51:00.663Z",
"dateReserved": "2025-01-20T15:09:10.531Z",
"dateUpdated": "2025-08-27T20:43:01.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-48989 (GCVE-0-2024-48989)
Vulnerability from cvelistv5 – Published: 2024-11-13 13:39 – Updated: 2024-11-13 14:37
VLAI?
Summary
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bosch Rexroth AG | IndraDrive FWA-INDRV*-MP* |
Affected:
17VRS , < 20V36
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:boschrexrothag:indradrive_fwa_indrv_mp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "indradrive_fwa_indrv_mp",
"vendor": "boschrexrothag",
"versions": [
{
"lessThan": "20v36",
"status": "affected",
"version": "17vrs",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T14:28:10.398256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:37:07.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IndraDrive FWA-INDRV*-MP*",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"lessThan": "20V36",
"status": "affected",
"version": "17VRS",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T13:39:15.659Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-315415.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-315415.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2024-48989",
"datePublished": "2024-11-13T13:39:15.659Z",
"dateReserved": "2024-10-11T12:12:25.507Z",
"dateUpdated": "2024-11-13T14:37:07.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46102 (GCVE-0-2023-46102)
Vulnerability from cvelistv5 – Published: 2023-10-25 14:19 – Updated: 2024-09-11 13:49
VLAI?
Summary
The Android Client application, when enrolled to the AppHub server, connects to an MQTT
broker to exchange messages and receive commands to execute on the HMI device.
The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application.
This issue allows an attacker able to control a malicious MQTT broker on the same subnet
network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.
Severity ?
8.8 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX HMI Web Panel - WR21 (WR2107) |
Affected:
all
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:boschrexrothag:ctrl_hmi_web_panel-wr21_\\(wr2110\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ctrl_hmi_web_panel-wr21_\\(wr2110\\)",
"vendor": "boschrexrothag",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:boschrexrothag:ctrl_hmi_web_panel-wr21_\\(wr2115\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ctrl_hmi_web_panel-wr21_\\(wr2115\\)",
"vendor": "boschrexrothag",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:boschrexrothag:ctrl_hmi_web_panel-wr21_\\(wr2107\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ctrl_hmi_web_panel-wr21_\\(wr2107\\)",
"vendor": "boschrexrothag",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:45:20.593751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:49:04.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX HMI Web Panel - WR21 (WR2107)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2110)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2115)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Android Client application, when enrolled to the AppHub server, connects to an MQTT\r\nbroker to exchange messages and receive commands to execute on the HMI device.\r\nThe protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application.\r\n\r\n\r\nThis issue allows an attacker able to control a malicious MQTT broker on the same subnet\r\nnetwork of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T14:19:20.107Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-46102",
"datePublished": "2023-10-25T14:19:20.107Z",
"dateReserved": "2023-10-18T09:35:22.530Z",
"dateUpdated": "2024-09-11T13:49:04.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45851 (GCVE-0-2023-45851)
Vulnerability from cvelistv5 – Published: 2023-10-25 14:18 – Updated: 2024-09-11 18:06
VLAI?
Summary
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.
This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
Severity ?
8.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX HMI Web Panel - WR21 (WR2107) |
Affected:
all
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ctrlx_hmi_web_panel_wr2107",
"vendor": "boschrexroth",
"versions": [
{
"lessThan": "RC7(Build date 20231107)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T16:00:27.264096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:06:40.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX HMI Web Panel - WR21 (WR2107)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2110)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2115)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T14:18:08.811Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-45851",
"datePublished": "2023-10-25T14:18:08.811Z",
"dateReserved": "2023-10-18T09:35:22.524Z",
"dateUpdated": "2024-09-11T18:06:40.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45321 (GCVE-0-2023-45321)
Vulnerability from cvelistv5 – Published: 2023-10-25 14:16 – Updated: 2024-09-11 18:11
VLAI?
Summary
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol.
Severity ?
8.3 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bosch Rexroth AG | ctrlX HMI Web Panel - WR21 (WR2107) |
Affected:
all
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ctrlx_hmi_web_panel_wr2107",
"vendor": "boschrexroth",
"versions": [
{
"lessThan": "RC7(Build date 20231107)",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T16:00:25.907168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:11:00.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ctrlX HMI Web Panel - WR21 (WR2107)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2110)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"product": "ctrlX HMI Web Panel - WR21 (WR2115)",
"vendor": "Bosch Rexroth AG",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T14:16:41.097Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-45321",
"datePublished": "2023-10-25T14:16:41.097Z",
"dateReserved": "2023-10-18T09:35:22.518Z",
"dateUpdated": "2024-09-11T18:11:00.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}