Vulnerabilities > CVE-2023-45844 - Unspecified vulnerability in Boschrexroth products

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

boschrexroth

NVD

Published: 2023-10-25

Updated: 2023-11-06

Summary

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

Vulnerable Configurations

Part	Description	Count
OS	Boschrexroth Boschrexroth Ctrlx HMI WEB Panel Wr2107 Firmware * Boschrexroth Ctrlx HMI WEB Panel Wr2110 Firmware * Boschrexroth Ctrlx HMI WEB Panel Wr2115 Firmware *	3
Hardware	Boschrexroth Boschrexroth Ctrlx HMI WEB Panel Wr2107 - Boschrexroth Ctrlx HMI WEB Panel Wr2110 - Boschrexroth Ctrlx HMI WEB Panel Wr2115 -	3

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html