Vulnerabilities (CVE)

Filtered by vendor Bosch Subscribe
Filtered by product Rexroth Indramotion Xlc
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23857 1 Bosch 24 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L25 and 21 more 2024-11-21 10.0 HIGH 10.0 CRITICAL
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.
CVE-2021-23855 1 Bosch 4 Rexroth Indramotion Mlc, Rexroth Indramotion Mlc Firmware, Rexroth Indramotion Xlc and 1 more 2024-11-21 5.0 MEDIUM 8.6 HIGH
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.