History: Oct 25, 2023 - 1:07 p.m.

CVE-2023-45844

2023-10-25 13:07:15
bosch
www.cve.org
vulnerability
low privileged user
install android app
kiosk mode
critical device settings
device power management
device secure settings

CVSS3: 7.3 High

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.7%)

The vulnerability allows a low-privileged user who has access to the device while it is locked in Kiosk mode to install an arbitrary Android application and leverage it to gain access to critical device settings, such as the device power management or, eventually, the device secure settings (ADB debug).

CNA Affected

[
  {
    "vendor": "Rexroth",
    "product": "ctrlX HMI Web Panel - WR21 (WR2107)",
    "versions": [
      {
        "version": "all",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Rexroth",
    "product": "ctrlX HMI Web Panel - WR21 (WR2110)",
    "versions": [
      {
        "version": "all",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Rexroth",
    "product": "ctrlX HMI Web Panel - WR21 (WR2115)",
    "versions": [
      {
        "version": "all",
        "status": "affected"
      }
    ]
  }
]
