
102 matches found

Cvelist
added 2025/04/30 11:26 a.m., 14 views

CVE-2025-24343

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...

CVSS 5.4, EPSS 0.00434
Exploits 0, References 1

CVE
added 2025/04/30 11:26 a.m., 45 views

CVE-2025-24343

CVE-2025-24343 affects ctrlX OS via the web app’s “Manages app data” function. The vulnerability allows a remote authenticated, low-privilege attacker to write arbitrary files to arbitrary filesystem paths through a crafted HTTP request. Several sources corroborate the same flaw, with no publicly...

CVSS 5.4, AI score 6.9, EPSS 0.00434
Exploits 0, References 1

Vulnrichment
added 2025/04/30 11:26 a.m., 4 views

CVE-2025-24343

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...

CVSS 5.4, AI score 6.9, EPSS 0.00434
Exploits 0, References 1

Cvelist
added 2025/04/30 11:25 a.m., 13 views

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

CVSS 5.3, EPSS 0.00353
Exploits 0, References 1

CVE
added 2025/04/30 11:25 a.m., 44 views

CVE-2025-24342

CVE-2025-24342 affects the web-based login functionality of ctrlX OS. The root cause is an improper login process that enables remote, unauthenticated attackers to enumerate valid usernames by sending multiple crafted HTTP requests. This can facilitate targeted credential-guessing attempts agains...

CVSS 5.3, AI score 7.2, EPSS 0.00353
Exploits 0, References 1

Vulnrichment
added 2025/04/30 11:25 a.m., 4 views

CVE-2025-24342

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...

CVSS 5.3, AI score 7.2, EPSS 0.00353
Exploits 0, References 1

NVD
added 2025/04/30 11:15 a.m., 7 views

CVE-2025-24340

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...

CVSS 6.5, EPSS 0.00239
Exploits 0, References 1

NVD
added 2025/04/30 11:15 a.m., 11 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1, EPSS 0.00317
Exploits 0, References 1

Cvelist
added 2025/04/30 11:14 a.m., 14 views

CVE-2025-24341

A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...

CVSS 6.5, EPSS 0.00409
Exploits 0, References 1

Vulnrichment
added 2025/04/30 11:14 a.m., 4 views

CVE-2025-24341

A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...

CVSS 6.5, AI score 6.9, EPSS 0.00409
Exploits 0, References 1

CVE
added 2025/04/30 11:14 a.m., 47 views

CVE-2025-24341

The CVE-2025-24341 vulnerability affects the web application of ctrlX OS. A remote authenticated (low-privileged) attacker can induce a Denial-of-Service (DoS) on the device by sending multiple crafted HTTP requests, with the worst case requiring a full power cycle to regain control. According to...

CVSS 6.5, AI score 6.8, EPSS 0.00409
Exploits 0, References 1

Cvelist
added 2025/04/30 10:59 a.m., 17 views

CVE-2025-24340

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...

CVSS 6.5, EPSS 0.00239
Exploits 0, References 1

CVE
added 2025/04/30 10:59 a.m., 45 views

CVE-2025-24340

CVE-2025-24340 affects ctrlX OS. The vulnerability is in the users configuration file, allowing a remote authenticated (low-privileged) attacker to recover plaintext passwords of other users. CVSS 3.1 base score 6.5 (Network, Low AWS, Privileges Required: Low, User Interaction: None, Confidential...

CVSS 6.5, AI score 6.7, EPSS 0.00239
Exploits 0, References 1

Vulnrichment
added 2025/04/30 10:59 a.m., 5 views

CVE-2025-24340

A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...

CVSS 6.5, AI score 6.6, EPSS 0.00239
Exploits 0, References 1

Cvelist
added 2025/04/30 10:54 a.m., 16 views

CVE-2025-24339

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request...

CVSS 5, EPSS 0.00212
Exploits 0, References 1

Vulnrichment
added 2025/04/30 10:54 a.m., 6 views

CVE-2025-24339

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request...

CVSS 5, AI score 7, EPSS 0.00212
Exploits 0, References 1

Cvelist
added 2025/04/30 10:51 a.m., 19 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1, EPSS 0.00317
Exploits 0, References 1

CVE
added 2025/04/30 10:51 a.m., 48 views

CVE-2025-24338

CVE-2025-24338 affects the web application of ctrlX OS, specifically the "Manages app data" functionality. A remote authenticated (low privilege) attacker can execute arbitrary client-side code in another user’s browser by sending multiple crafted HTTP requests. Evidence from multiple sources con...

CVSS 7.1, AI score 7.4, EPSS 0.00317
Exploits 0, References 1

Vulnrichment
added 2025/04/30 10:51 a.m., 6 views

CVE-2025-24338

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...

CVSS 7.1, AI score 7.3, EPSS 0.00317
Exploits 0, References 1

CNNVD
added 2025/04/30 12:0 a.m., 2 views

Bosch Rexroth ctrlX OS Security Vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that stems from mishandling of error notification messages, which cou...

CVSS 6.3, AI score 6.6, EPSS 0.00281
Exploits 0, References 1