CVE-2023-43488 (GCVE-0-2023-43488)

Vulnerability from cvelistv5 – Published: 2023-10-25 13:27 – Updated: 2024-09-17 14:06
Summary
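The vulnerability allows a low-privileged (untrusted) application to modify a critical system property, a write that should be denied. Changing this property exposes the ADB (Android Debug Bridge) protocol on the network, which can then be used to gain a privileged shell on the device without requiring physical access through USB. The record below carries two CVSS 3.1 ratings, both with a local attack vector: 7.9 from the CNA (Bosch, scope changed) and 7.8 from NVD (scope unchanged), and the CNA lists all versions of the three WR21 panels as affected.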
CWE
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:42.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T13:32:31.772490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:06:24.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
          "vendor": "Rexroth",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
          "vendor": "Rexroth",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
          "vendor": "Rexroth",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T13:27:09.366Z",
        "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "shortName": "bosch"
      },
      "references": [
        {
          "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
    "assignerShortName": "bosch",
    "cveId": "CVE-2023-43488",
    "datePublished": "2023-10-25T13:27:09.366Z",
    "dateReserved": "2023-10-18T09:35:22.492Z",
    "dateUpdated": "2024-09-17T14:06:24.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FFA1309-DBEE-46F1-B6FD-DAE896180411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C129B8-F100-4D3A-97BC-BAD9A4129F9D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"326E80AA-C9B4-4BF1-AA2B-98A3802A72C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CA92486-EEBE-42FD-9755-006B7F2DF361\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"167C9BC4-FCC5-4FAF-8F75-F967C77400A7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The vulnerability allows a low privileged (untrusted) application to\\r\\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad permite que una aplicaci\\u00f3n con pocos privilegios (no confiable) modifique una propiedad cr\\u00edtica del sistema que deber\\u00eda negarse, para permitir que el protocolo ADB (Android Debug Bridge) quede expuesto en la red, explot\\u00e1ndolo para obtener un shell privilegiado en el dispositivo. sin requerir el acceso f\\u00edsico a trav\\u00e9s de USB.\"}]",
      "id": "CVE-2023-43488",
      "lastModified": "2024-11-21T08:24:08.503",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@bosch.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L\", \"baseScore\": 7.9, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 5.3}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-10-25T18:17:31.800",
      "references": "[{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"source\": \"psirt@bosch.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@bosch.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@bosch.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-43488\",\"sourceIdentifier\":\"psirt@bosch.com\",\"published\":\"2023-10-25T18:17:31.800\",\"lastModified\":\"2024-11-21T08:24:08.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability allows a low privileged (untrusted) application to\\r\\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad permite que una aplicaci\u00f3n con pocos privilegios (no confiable) modifique una propiedad cr\u00edtica del sistema que deber\u00eda negarse, para permitir que el protocolo ADB (Android Debug Bridge) quede expuesto en la red, explot\u00e1ndolo para obtener un shell privilegiado en el dispositivo. sin requerir el acceso f\u00edsico a trav\u00e9s de USB.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@bosch.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L\",\"baseScore\":7.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"
weaknesses\":[{\"source\":\"psirt@bosch.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFA1309-DBEE-46F1-B6FD-DAE896180411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C129B8-F100-4D3A-97BC-BAD9A4129F9D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"326E80AA-C9B4-4BF1-AA2B-98A3802A72C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CA92486-EEBE-42FD-9755-006B7F2DF361\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167C9BC4-FCC5-4FAF-8F75-F967C77400A7\"}]}]}],\"references\":[{\"url\":\"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\",\"source\":\"psirt@bosch.com\",\"tags\":[\"Mitigation\",\"Vendor 
Advisory\"]},{\"url\":\"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"name\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:44:42.209Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43488\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T13:32:31.772490Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T14:06:20.947Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Rexroth\", \"product\": \"ctrlX HMI Web Panel - WR21 (WR2107)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"ctrlX HMI Web Panel - WR21 (WR2110)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"ctrlX HMI Web Panel - WR21 (WR2115)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}]}], \"references\": [{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"name\": 
\"https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability allows a low privileged (untrusted) application to\\r\\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"c95f66b2-7e7c-41c5-8f09-6f86ec68659c\", \"shortName\": \"bosch\", \"dateUpdated\": \"2023-10-25T13:27:09.366Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-43488\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T14:06:24.603Z\", \"dateReserved\": \"2023-10-18T09:35:22.492Z\", \"assignerOrgId\": \"c95f66b2-7e7c-41c5-8f09-6f86ec68659c\", \"datePublished\": \"2023-10-25T13:27:09.366Z\", \"assignerShortName\": \"bosch\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}






Tags
Taxonomy of the tags.



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.
