Vulnerabilities > Bosch > Rexroth Indramotion MLC L40 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-23856 | Cross-site Scripting vulnerability in Bosch products The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 6.1 |
| 2021-10-04 | CVE-2021-23857 | Improper Authentication vulnerability in Bosch products Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. | 9.8 |
| 2021-10-04 | CVE-2021-23858 | Missing Authentication for Critical Function vulnerability in Bosch products Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. | 7.5 |