Lucene search

[email protected]CVE-2021-23858

HistoryOct 04, 2021 - 6:15 p.m.

CVE-2021-23858

2021-10-0418:15:07

CWE-306

CWE-200

[email protected]

web.nvd.nist.gov

cve-2021-23858

information disclosure

configuration

device details

unprotected web server

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

Affected configurations

NVD

Node

boschrexroth_indramotion_mlc_l20_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l20Match-

Node

boschrexroth_indramotion_mlc_l40_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l40Match-

Node

boschrexroth_indramotion_mlc_l25_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l25Match-

Node

boschrexroth_indramotion_mlc_l45_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l45Match-

Node

boschrexroth_indramotion_mlc_l65_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l65Match-

Node

boschrexroth_indramotion_mlc_l85_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l85Match-

Node

boschrexroth_indramotion_mlc_xm21_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_xm21Match-

Node

boschrexroth_indramotion_mlc_xm22_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_xm22Match-

Node

boschrexroth_indramotion_mlc_xm41_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_xm41Match-

Node

boschrexroth_indramotion_mlc_xm42_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_xm42Match-

Node

boschindracontrol_xlc_firmwareRange≤12

AND

boschindracontrol_xlcMatch-

Node

boschrexroth_indramotion_mlc_l75_firmwareRange≤12

AND

boschrexroth_indramotion_mlc_l75Match-

CPENameOperatorVersion
bosch:rexroth_indramotion_mlc_l20_firmwarebosch rexroth indramotion mlc l20 firmwarele12

CPE	Name	Operator	Version
bosch:rexroth_indramotion_mlc_l20_firmware	bosch rexroth indramotion mlc l20 firmware	le	12

CNA Affected

[
  {
    "product": "IndraMotion MLC L25, L45, L65, L75, L85, XM21, XM22, XM41 and XM42 IndraControl XLC",
    "vendor": "Rexroth",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "12 VRS",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IndraMotion MLC L20, L40",
    "vendor": "Rexroth",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "12 VRS",
        "versionType": "custom"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-741752.html

Social References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for CVE-2021-23858

nvd2 prion2 cvelist2 cve1