122 matches found

CVE
added 2025/08/14 9:8 a.m. · 14 views

CVE-2025-48862

The CVE affects ctrlX OS (Bosch) where ambiguous wording in the web interface of the setup/backup mechanism could mislead users into thinking the backup is encrypted when a password is set. In reality, only the private key in the backup (if present) is encrypted; the backup file itself remains un...

7.1 CVSS · 7.2 AI score · 0.00024 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/14 9:7 a.m. · 5 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

5.3 CVSS · 0.00058 EPSS
Exploits 0 · References 1
CVE
added 2025/08/14 9:7 a.m. · 13 views

CVE-2025-48861

CVE-2025-48861 describes a vulnerability in the Task API endpoint of the ctrlX OS setup mechanism, where an unauthenticated, remote attacker could access and exfiltrate internal application data (e.g., debug logs and the version of installed apps). Public sources consistently tie the issue to ina...

5.3 CVSS · 7.2 AI score · 0.00058 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/08/14 9:6 a.m. · 3 views

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

8 CVSS · 7.2 AI score · 0.00057 EPSS
Exploits 0 · References 1
CVE
added 2025/08/14 9:6 a.m. · 10 views

CVE-2025-48860

CVE-2025-48860 affects the web application of the ctrlX OS setup mechanism. An authenticated, low-privilege attacker could remotely access backup archives created by a user with elevated permissions, potentially exposing sensitive data depending on archive contents. The advisory sources describe ...

8 CVSS · 7.2 AI score · 0.00057 EPSS
Exploits 0 · References 1
Cvelist
added 2025/08/14 9:6 a.m. · 6 views

CVE-2025-48860

A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...

8 CVSS · 0.00057 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/14 12:0 a.m. · 3 views

Bosch Rexroth ctrlX OS security vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS, which stems from an improperly controlled privilege of the backup mechanism and...

8 CVSS · 6.5 AI score · 0.00057 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 9 views

PT-2025-33139 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability exists in the Task API endpoint of the ctrlX OS setup mechanism. This allows a remote, unauthenticated attacker to access and extract internal application data, including...

5.3 CVSS · 6.9 AI score · 0.00058 EPSS
Exploits 0 · References 5
CNNVD
added 2025/08/14 12:0 a.m. · 3 views

BOSCH ctrlX OS security vulnerability

BOSCH ctrlX OS is a Linux-based real-time operating system from the German company BOSCH. A security vulnerability exists in BOSCH ctrlX OS that stems from improper access control of Task API endpoints, which could lead to internal application data disclosure...

5.3 CVSS · 6.6 AI score · 0.00058 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/14 12:0 a.m. · 4 views

BOSCH ctrlX OS security vulnerability

BOSCH ctrlX OS is a Linux-based real-time operating system from the German company BOSCH. A security vulnerability exists in BOSCH ctrlX OS that stems from an unclear description of backup file encryption, which could lead to a user misinterpreting the backup file encryption status...

7.1 CVSS · 6.6 AI score · 0.00024 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/14 12:0 a.m. · 7 views

PT-2025-33140 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: Ambiguous wording in the web interface of the setup mechanism could lead a user to believe that the backup file is encrypted when a password is set. However, only the private key – if...

7.1 CVSS · 7 AI score · 0.00024 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33138 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the web application of the ctrlX OS setup mechanism allowed an authenticated attacker with low privileges to gain remote access to backup archives created by a user with...

8 CVSS · 6.3 AI score · 0.00057 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/02 12:15 p.m. · 7 views

CVE-2025-24341

A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...

6.5 CVSS · 6.7 AI score · 0.00345 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:15 p.m. · 13 views

CVE-2025-24345

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...

6.3 CVSS · 6.6 AI score · 0.00348 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:15 p.m. · 10 views

CVE-2025-24347

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the network configuration file via a crafted HTTP request...

6.5 CVSS · 6.6 AI score · 0.00143 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:12 p.m. · 8 views

CVE-2025-24343

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...

5.4 CVSS · 6.7 AI score · 0.00542 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:12 p.m. · 7 views

CVE-2025-24344

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...

6.3 CVSS · 7.4 AI score · 0.00198 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:9 p.m. · 11 views

CVE-2025-24349

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...

7.1 CVSS · 6.3 AI score · 0.00392 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:9 p.m. · 9 views

CVE-2025-24350

A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request...

7.1 CVSS · 6.8 AI score · 0.00416 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 12:9 p.m. · 9 views

CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...

8.8 CVSS · 7.5 AI score · 0.00512 EPSS
Exploits 0 · References 1