The vulnerability allows a low privileged (untrusted) application to
modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
06 Nov 2023, 14:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Boschrexroth ctrlx Hmi Web Panel Wr2110
Boschrexroth Boschrexroth ctrlx Hmi Web Panel Wr2110 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2115 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2107 Boschrexroth ctrlx Hmi Web Panel Wr2115 Boschrexroth ctrlx Hmi Web Panel Wr2107 Firmware |
|
CPE | cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-862 | |
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html - Mitigation, Vendor Advisory |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-02-28 20:33
NVD link : CVE-2023-43488
Mitre link : CVE-2023-43488
CVE.ORG link : CVE-2023-43488
JSON object : View
Products Affected
boschrexroth
- ctrlx_hmi_web_panel_wr2110
- ctrlx_hmi_web_panel_wr2107
- ctrlx_hmi_web_panel_wr2107_firmware
- ctrlx_hmi_web_panel_wr2110_firmware
- ctrlx_hmi_web_panel_wr2115_firmware
- ctrlx_hmi_web_panel_wr2115
CWE
CWE-862
Missing Authorization