CVE-2023-48257 (GCVE-0-2023-48257)
Vulnerability from cvelistv5 – Published: 2024-01-10 13:04 – Updated: 2025-06-17 20:59
VLAI?
Summary
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.
Severity ?
7.8 (High)
CWE
- CWE-1391 - n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rexroth | Nexo cordless nutrunner NXA015S-36V (0608842001) |
Affected:
NEXO-OS V1000-Release , ≤ NEXO-OS V1500-SP2
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-10T14:55:09.799098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:14.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nexo cordless nutrunner NXA015S-36V (0608842001)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA030S-36V (0608842002)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA050S-36V (0608842003)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXP012QD-36V (0608842005)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA015S-36V-B (0608842006)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA030S-36V-B (0608842007)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA050S-36V-B (0608842008)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXP012QD-36V-B (0608842010)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA011S-36V (0608842011)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA011S-36V-B (0608842012)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA065S-36V (0608842013)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXA065S-36V-B (0608842014)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXV012T-36V (0608842015)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo cordless nutrunner NXV012T-36V-B (0608842016)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2272)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2301)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2514)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2515)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2666)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
},
{
"product": "Nexo special cordless nutrunner (0608PE2673)",
"vendor": "Rexroth",
"versions": [
{
"lessThanOrEqual": "NEXO-OS V1500-SP2",
"status": "affected",
"version": "NEXO-OS V1000-Release",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "n/a",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T13:04:36.606Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html",
"tags": [
"vendor-advisory"
],
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2023-48257",
"datePublished": "2024-01-10T13:04:36.606Z",
"dateReserved": "2023-11-13T13:44:23.705Z",
"dateUpdated": "2025-06-17T20:59:14.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1000\", \"versionEndIncluding\": \"1500-sp2\", \"matchCriteriaId\": \"73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\\\(0608842012\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DC8C39A-F26D-4A5E-A502-5AA26651FD95\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\\\(0608842011\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"871F225C-EE0D-409E-98FF-CF8B2C83E877\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\\\(0608842006\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D77B7A94-EB41-442E-9930-3372EFF0C469\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\\\(0608842001\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CF63477-0CE7-446C-9872-C186AB55ADEF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\\\(0608842007\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8703D886-1E08-40B1-9666-3D585A3CB52F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\\\(0608842002\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43D5973C-E4B3-4111-A710-FE48CFE5C1A5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\\\(0608842008\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA7D4812-024D-432B-A526-0858427ED545\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\\\(0608842003\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\\\(0608842014\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"206B990F-9ACD-408D-93BB-F43F25686862\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\\\(0608842013\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E092DE8F-DB60-4D77-BCE5-8820B6190856\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\\\(0608842010\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\\\(0608842005\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63746CB7-DBDF-4705-A771-CE9581742980\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\\\(0608842016\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F974170-84B6-49FF-9988-7EFDA5964E1A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\\\(0608842015\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87D757FC-2CBA-419F-84E8-518CBEB98646\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2272\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E3E3820-FF4C-4B75-9541-B807EF52E661\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2301\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B1B2908-2C42-4E6B-9953-30B2BE2E63F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2514\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A09E202-1E38-433B-A039-F7B62C275E40\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2515\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"206E809F-D1CA-437C-9C78-76E39F7A8D69\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2666\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2673\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad permite a un atacante remoto acceder a datos confidenciales dentro de paquetes exportados u obtener hasta ejecuci\\u00f3n remota de c\\u00f3digo (RCE) con privilegios de root en el dispositivo. La vulnerabilidad puede ser explotada directamente por usuarios autenticados, a trav\\u00e9s de solicitudes HTTP manipuladas, o indirectamente por usuarios no autenticados, accediendo a paquetes de respaldo ya exportados o creando un paquete de importaci\\u00f3n e induciendo a una v\\u00edctima autenticada a enviar la solicitud de carga HTTP.\"}]",
"id": "CVE-2023-48257",
"lastModified": "2024-11-21T08:31:20.490",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@bosch.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-01-10T13:15:46.590",
"references": "[{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"source\": \"psirt@bosch.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@bosch.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@bosch.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1391\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-48257\",\"sourceIdentifier\":\"psirt@bosch.com\",\"published\":\"2024-01-10T13:15:46.590\",\"lastModified\":\"2024-11-21T08:31:20.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad permite a un atacante remoto acceder a datos confidenciales dentro de paquetes exportados u obtener hasta ejecuci\u00f3n remota de c\u00f3digo (RCE) con privilegios de root en el dispositivo. La vulnerabilidad puede ser explotada directamente por usuarios autenticados, a trav\u00e9s de solicitudes HTTP manipuladas, o indirectamente por usuarios no autenticados, accediendo a paquetes de respaldo ya exportados o creando un paquete de importaci\u00f3n e induciendo a una v\u00edctima autenticada a enviar la solicitud de carga HTTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@bosch.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@bosch.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1391\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1000\",\"versionEndIncluding\":\"1500-sp2\",\"matchCriteriaId\":\"73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\\\(0608842012\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DC8C39A-F26D-4A5E-A502-5AA26651FD95\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\\\(0608842011\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"871F225C-EE0D-409E-98FF-CF8B2C83E877\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\\\(0608842006\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D77B7A94-EB41-442E-9930-3372EFF0C469\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\\\(0608842001\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CF63477-0CE7-446C-9872-C186AB55ADEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\\\(0608842007\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8703D886-1E08-40B1-9666-3D585A3CB52F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\\\(0608842002\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43D5973C-E4B3-4111-A710-FE48CFE5C1A5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\\\(0608842008\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA7D4812-024D-432B-A526-0858427ED545\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\\\(0608842003\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\\\(0608842014\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"206B990F-9ACD-408D-93BB-F43F25686862\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\\\(0608842013\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E092DE8F-DB60-4D77-BCE5-8820B6190856\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\\\(0608842010\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\\\(0608842005\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63746CB7-DBDF-4705-A771-CE9581742980\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\\\(0608842016\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F974170-84B6-49FF-9988-7EFDA5964E1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\\\(0608842015\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D757FC-2CBA-419F-84E8-518CBEB98646\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2272\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E3E3820-FF4C-4B75-9541-B807EF52E661\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2301\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B1B2908-2C42-4E6B-9953-30B2BE2E63F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2514\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A09E202-1E38-433B-A039-F7B62C275E40\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2515\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"206E809F-D1CA-437C-9C78-76E39F7A8D69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2666\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\\\(0608pe2673\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB\"}]}]}],\"references\":[{\"url\":\"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\",\"source\":\"psirt@bosch.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"name\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:23:39.464Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48257\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-10T14:55:09.799098Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T20:50:13.028Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA015S-36V (0608842001)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA030S-36V (0608842002)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA050S-36V (0608842003)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXP012QD-36V (0608842005)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA015S-36V-B (0608842006)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA030S-36V-B (0608842007)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA050S-36V-B (0608842008)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXP012QD-36V-B (0608842010)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA011S-36V (0608842011)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA011S-36V-B (0608842012)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA065S-36V (0608842013)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXA065S-36V-B (0608842014)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXV012T-36V (0608842015)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo cordless nutrunner NXV012T-36V-B (0608842016)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2272)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2301)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2514)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2515)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2666)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}, {\"vendor\": \"Rexroth\", \"product\": \"Nexo special cordless nutrunner (0608PE2673)\", \"versions\": [{\"status\": \"affected\", \"version\": \"NEXO-OS V1000-Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"NEXO-OS V1500-SP2\"}]}], \"references\": [{\"url\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"name\": \"https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"cweId\": \"CWE-1391\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"c95f66b2-7e7c-41c5-8f09-6f86ec68659c\", \"shortName\": \"bosch\", \"dateUpdated\": \"2024-01-10T13:04:36.606Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-48257\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-17T20:59:14.230Z\", \"dateReserved\": \"2023-11-13T13:44:23.705Z\", \"assignerOrgId\": \"c95f66b2-7e7c-41c5-8f09-6f86ec68659c\", \"datePublished\": \"2024-01-10T13:04:36.606Z\", \"assignerShortName\": \"bosch\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…