The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.
This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
06 Nov 2023, 14:33
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 | |
First Time |
Boschrexroth ctrlx Hmi Web Panel Wr2110
Boschrexroth Boschrexroth ctrlx Hmi Web Panel Wr2110 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2115 Firmware Boschrexroth ctrlx Hmi Web Panel Wr2107 Boschrexroth ctrlx Hmi Web Panel Wr2115 Boschrexroth ctrlx Hmi Web Panel Wr2107 Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:* cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:* |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-25 18:17
Updated : 2024-02-28 20:33
NVD link : CVE-2023-45851
Mitre link : CVE-2023-45851
CVE.ORG link : CVE-2023-45851
JSON object : View
Products Affected
boschrexroth
- ctrlx_hmi_web_panel_wr2110
- ctrlx_hmi_web_panel_wr2107
- ctrlx_hmi_web_panel_wr2107_firmware
- ctrlx_hmi_web_panel_wr2110_firmware
- ctrlx_hmi_web_panel_wr2115_firmware
- ctrlx_hmi_web_panel_wr2115
CWE
CWE-306
Missing Authentication for Critical Function