Vulnerabilities > CVE-2023-43488 - Missing Authorization vulnerability in Boschrexroth products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

boschrexroth

CWE-862

NVD

Published: 2023-10-25

Updated: 2023-11-06

Summary

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.

Vulnerable Configurations

Part	Description	Count
OS	Boschrexroth Boschrexroth Ctrlx HMI WEB Panel Wr2107 Firmware * Boschrexroth Ctrlx HMI WEB Panel Wr2110 Firmware * Boschrexroth Ctrlx HMI WEB Panel Wr2115 Firmware *	3
Hardware	Boschrexroth Boschrexroth Ctrlx HMI WEB Panel Wr2107 - Boschrexroth Ctrlx HMI WEB Panel Wr2110 - Boschrexroth Ctrlx HMI WEB Panel Wr2115 -	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html