Security News > 2024 > January > Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
2024-01-09 15:45

Researchers have discovered over two dozen vulnerabilities in "Smart" cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable.

The device supports a number of communication protocols that are used to integrate it with SCADA systems, PLCs, or other production devices.

Bosch Rexroth nutrunners are widely used in automotive production lines.

There has been no mention of these vulnerabilities being exploited by threat actors, but once technical details and updated firmware are made available, there's a chance some enterprising, skilled attackers might find it profitable to do the same research and use what they discovered.

As confirmed by Bosch Rexroth, the vulnerabilities affect Nexo cordless nutrunners from the NXA, NXP and NXV series, as well as a number of other similar devices.

Bosch Rexroth says that roughly half of the vulnerabilities will be fixed in the updated firmware version that will be released later this month, and has provided mitigation advice for CVE-2023-48257.


News URL

https://www.helpnetsecurity.com/2024/01/09/vulnerabilities-bosch-rexroth/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-48257 Improper Authentication vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device.
network
low complexity
bosch CWE-287
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bosch 236 4 58 21 19 102