The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
06 Nov 2023, 15:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 | |
CPE | cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Boschrexroth ctrlx Hmi Web Panel Wr2110
Boschrexroth Boschrexroth ctrlx Hmi Web Panel Wr2110 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2115 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2107 Boschrexroth ctrlx Hmi Web Panel Wr2115 Boschrexroth ctrlx Hmi Web Panel Wr2107 Firmware |
|
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html - Mitigation, Vendor Advisory |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41372
Mitre link : CVE-2023-41372
CVE.ORG link : CVE-2023-41372
JSON object : View
Products Affected
boschrexroth
- ctrlx_hmi_web_panel_wr2110
- ctrlx_hmi_web_panel_wr2107
- ctrlx_hmi_web_panel_wr2107_firmware
- ctrlx_hmi_web_panel_wr2110_firmware
- ctrlx_hmi_web_panel_wr2115_firmware
- ctrlx_hmi_web_panel_wr2115
CWE
CWE-798
Use of Hard-coded Credentials