Vulnerabilities > Bosch > Rexroth Indramotion MLC L20 Firmware

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-10-04 | CVE-2021-23856 | Cross-site Scripting vulnerability in Bosch products | The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | network, low complexity, bosch, CWE-79 | 6.1 |
| 2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | network, low complexity, bosch, CWE-287 | critical 9.8 |
| 2021-10-04 | CVE-2021-23858 | Missing Authentication for Critical Function vulnerability in Bosch products | Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. | network, low complexity, bosch, CWE-306 | 7.5 |