Multiple vulnerabilities in Bosch ctrlX OS



Risk: High
Patch available: Yes
Number of vulnerabilities: 15
CVE-ID: CVE-2025-24346, CVE-2025-24348, CVE-2025-24347, CVE-2025-24345, CVE-2025-24344, CVE-2025-24343, CVE-2025-24342, CVE-2025-24341, CVE-2025-24340, CVE-2025-24339, CVE-2025-24338, CVE-2025-24349, CVE-2025-24350, CVE-2025-24351, CVE-2025-27532
CWE-ID: CWE-1286, CWE-79, CWE-22, CWE-204, CWE-770, CWE-916, CWE-644, CWE-116, CWE-183, CWE-78, CWE-312
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: ctrlX OS (Operating systems & Components / Operating system)
Vendor: Bosch Rexroth

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Improper Validation of Syntactic Correctness of Input

EUVDB-ID: #VU107981

Risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24346

CWE-ID: CWE-1286 - Improper Validation of Syntactic Correctness of Input

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the "Proxy" functionality of the web application. A remote user can send a specially crafted HTTP request and manipulate the "/etc/environment" file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Validation of Syntactic Correctness of Input

EUVDB-ID: #VU107983

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24348

CWE-ID: CWE-1286 - Improper Validation of Syntactic Correctness of Input

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the "Network Interfaces" functionality of the web application. A remote user can send a specially crafted HTTP request and manipulate the wireless network configuration file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Validation of Syntactic Correctness of Input

EUVDB-ID: #VU107982

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24347

CWE-ID: CWE-1286 - Improper Validation of Syntactic Correctness of Input

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the "Network Interfaces" functionality of the web application. A remote user can send a specially crafted HTTP request and manipulate the network configuration file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Validation of Syntactic Correctness of Input

EUVDB-ID: #VU107977

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24345

CWE-ID: CWE-1286 - Improper Validation of Syntactic Correctness of Input

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the "Hosts" functionality of the web application. A remote user can send a specially crafted HTTP request and manipulate the "hosts" file in an unintended manner.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.20.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
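
Worked example for items 1 to 4, added by the editor and not taken from the Bosch advisory or from ctrlX OS itself. All four are CWE-1286 issues in which a value accepted by the web application ends up in a line-oriented configuration file (an environment file, a network configuration file, a hosts file). The file formats, function names and host names below are assumptions; the point is that a value is checked against the grammar of the line it will become before it is written, so that a newline, a quote or a stray separator cannot turn one setting into two.

```python
# Added example (not code from Bosch or from this bulletin): validating values
# before they are written into line-oriented config files such as an
# /etc/environment-style KEY="value" file or an /etc/hosts-style file.
# Function names, file formats and host names are illustrative.
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label per group: letters, digits, hyphens; no leading/trailing hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)


def _reject_control_chars(value: str) -> None:
    """A CR, LF or NUL inside a value ends one line and starts another in the file."""
    if any(ch in value for ch in "\r\n\x00"):
        raise ValueError("control character in value")


def validate_host(host: str) -> str:
    """Accept an IPv4/IPv6 address or a syntactically valid hostname, nothing else."""
    _reject_control_chars(host)
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if not _HOSTNAME_RE.match(host):
        raise ValueError(f"invalid host: {host!r}")
    return host.lower()


def validate_proxy_url(value: str) -> str:
    """Accept only http(s)://host[:port]; no userinfo, path, query, whitespace or quotes."""
    _reject_control_chars(value)
    if not value.isascii() or any(ch.isspace() for ch in value) or '"' in value or "'" in value:
        raise ValueError("whitespace, quotes or non-ASCII in proxy URL")
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if parts.username or parts.password or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("only scheme://host[:port] is allowed")
    if parts.hostname is None:
        raise ValueError("missing host")
    validate_host(parts.hostname)
    _ = parts.port  # raises ValueError if the port is not an integer in 0..65535
    return value


def render_proxy_line(key: str, url: str) -> str:
    """KEY="url" for an /etc/environment-style file; the variable name is allow-listed too."""
    if not re.fullmatch(r"[A-Z][A-Z0-9_]{0,63}", key):
        raise ValueError(f"invalid variable name: {key!r}")
    return f'{key}="{validate_proxy_url(url)}"'


def render_hosts_line(ip: str, names) -> str:
    """'<ip> <name> ...' for an /etc/hosts-style file."""
    _reject_control_chars(ip)
    addr = ipaddress.ip_address(ip)  # raises ValueError on anything that is not one address
    if not names:
        raise ValueError("at least one hostname is required")
    for name in names:
        _reject_control_chars(name)
        if not _HOSTNAME_RE.match(name):
            raise ValueError(f"invalid hostname: {name!r}")
    return f"{addr} {' '.join(names)}"


def rejects(validator, *args) -> bool:
    """True if the validator raises ValueError for these arguments."""
    try:
        validator(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(render_proxy_line("HTTP_PROXY", "http://proxy.plant.example:3128"))
    print(render_hosts_line("192.0.2.10", ["ctrlx.plant.example", "ctrlx"]))
    print(rejects(validate_proxy_url, "http://proxy.plant.example:3128\nLD_PRELOAD=/tmp/x.so"))
```

The checks are deliberately positive (what a value may look like) rather than negative (which characters to strip): a proxy value that is not exactly scheme://host[:port] is refused, and a hosts entry that is not one address followed by well-formed names is refused, so there is no list of bad characters to keep up to date.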

5) Cross-site scripting

EUVDB-ID: #VU107976

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24344

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the error notification messages of the web application. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.0

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Path traversal

EUVDB-ID: #VU107975

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24343

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the "Manages app data" functionality of the web application. A remote user can send a specially crafted HTTP request and write arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.0

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Observable Response Discrepancy

EUVDB-ID: #VU107974

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24342

CWE-ID: CWE-204 - Observable Response Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the observable response discrepancy issue in the login functionality of the web application. A remote attacker can send specially crafted HTTP requests and guess valid usernames.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
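
Worked example for item 7, added by the editor and not taken from the Bosch advisory or from ctrlX OS. It shows the shape of a CWE-204 login handler next to a hardened one, and the probe an attacker uses to enumerate usernames: submit the same wrong password for a known and an unknown account and compare the two answers. The user store, salt and passwords are constructed for the example; nothing here describes the real ctrlX login code.

```python
# Added example (not Bosch code): a login handler whose responses differ for
# unknown users versus wrong passwords, beside one that answers uniformly, and
# the probe that tells the two apart. The user store is constructed.
import hashlib
import hmac

_ITERATIONS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed user store: username -> (salt, derived key).
_SALT = b"constructed-static-salt"  # real code uses a random salt per user
USERS = {"admin": (_SALT, _derive("correct horse battery staple", _SALT))}
# A fixed dummy record so the unknown-user path does the same amount of work.
_DUMMY = (_SALT, _derive("not-a-real-password", _SALT))


def login_vulnerable(username: str, password: str):
    """Different status codes and messages, and no hashing for unknown users:
    accounts can be enumerated from the response body and from the timing."""
    record = USERS.get(username)
    if record is None:
        return 404, "unknown user"
    salt, key = record
    if not hmac.compare_digest(_derive(password, salt), key):
        return 401, "wrong password"
    return 200, "ok"


def login_hardened(username: str, password: str):
    """Same status, same body and the same hashing work whether or not the user exists."""
    salt, key = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_derive(password, salt), key)
    if not (match and username in USERS):
        return 401, "invalid credentials"
    return 200, "ok"


def responses_distinguish(login, existing: str, missing: str, password: str = "guess") -> bool:
    """What an enumerating attacker does: send the same wrong password for two
    usernames and compare the two responses byte for byte."""
    return login(existing, password) != login(missing, password)


if __name__ == "__main__":
    print("vulnerable leaks:", responses_distinguish(login_vulnerable, "admin", "nobody"))
    print("hardened leaks:", responses_distinguish(login_hardened, "admin", "nobody"))
```

Two details matter beyond the identical message: the hardened handler always derives a key, so the unknown-user path is not measurably faster, and the `username in USERS` check is evaluated only after the derivation so that the order of work does not depend on the username. Rate limiting per source and per account belongs on top of this, not instead of it.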

8) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU107973

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24341

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling in the web application. A remote user can send specially crafted HTTP requests and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use of Password Hash With Insufficient Computational Effort

EUVDB-ID: #VU107972

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24340

CWE-ID: CWE-916 - Use of Password Hash With Insufficient Computational Effort

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a weak hash algorithm in the users configuration file. A remote user can recover the plaintext passwords of other users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
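
Worked example for item 9, added by the editor and not taken from the Bosch advisory or from ctrlX OS. The bulletin says only that the users configuration file uses a weak hash; it does not name the algorithm or the file format, so the "user:hash" layout, the sample entries and the wordlist below are constructed. The example classifies stored hashes, shows why an unsalted fast digest gives up its plaintext to a wordlist in one pass, and replaces it with a salted PBKDF2-SHA256 string that can be verified on the next login.

```python
# Added example (not Bosch code): auditing the password hashes in a users file
# and replacing a fast unsalted digest with a slow salted KDF. The "name:hash"
# file format, the entries and the wordlist are constructed for the example.
import base64
import hashlib
import hmac
import os
import re

CONSTRUCTED_WORDLIST = ["123456", "password", "admin", "ctrlx2024", "boschrexroth"]


def classify_hash(stored: str) -> str:
    """Rough classification of a stored hash string by its prefix or shape."""
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", stored):
        return "unsalted-digest"  # bare MD5 / SHA-1 / SHA-256: a wordlist cracks it
    if stored.startswith("$1$"):
        return "md5crypt"  # salted, but fast
    if stored.startswith(("$5$", "$6$")):
        return "sha-crypt"  # acceptable with a high rounds= value
    if stored.startswith(("$2a$", "$2b$", "$2y$", "$7$", "$y$", "$argon2")):
        return "bcrypt/scrypt/yescrypt/argon2"
    if stored.startswith("$pbkdf2-sha256$"):
        return "pbkdf2-sha256"
    return "unknown"


WEAK_CLASSES = {"unsalted-digest", "md5crypt", "unknown"}


def crack_unsalted(stored: str, wordlist):
    """Recover the plaintext of a bare digest by hashing each candidate once.
    Without a salt one pass over the wordlist covers every user at the same time."""
    algo = {32: "md5", 40: "sha1", 64: "sha256"}[len(stored)]
    target = stored.lower()
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == target:
            return word
    return None


def pbkdf2_store(password: str, iterations: int = 600_000, salt: bytes = None) -> str:
    """Salted, iterated hash in a self-describing string: $pbkdf2-sha256$iter$salt$key."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"$pbkdf2-sha256${iterations}${b64(salt)}${b64(key)}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    _, _, iterations, salt, key = stored.split("$")
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), base64.b64decode(salt), int(iterations))
    return hmac.compare_digest(derived, base64.b64decode(key))


# Constructed sample data: a legacy unsalted SHA-256 entry and one migrated entry.
SAMPLE_WEAK_HASH = hashlib.sha256(b"ctrlx2024").hexdigest()
CONSTRUCTED_USERS_FILE = "\n".join([
    "operator:" + SAMPLE_WEAK_HASH,
    "admin:" + pbkdf2_store("correct horse battery staple", iterations=100_000),
])


def audit_users_file(text: str):
    """Return [(user, class, weak)] for every 'user:hash' line."""
    report = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, _, stored = line.partition(":")
        cls = classify_hash(stored)
        report.append((user, cls, cls in WEAK_CLASSES))
    return report


if __name__ == "__main__":
    for user, cls, weak in audit_users_file(CONSTRUCTED_USERS_FILE):
        print(f"{user:10} {cls:28} {'WEAK' if weak else 'ok'}")
    print("recovered:", crack_unsalted(SAMPLE_WEAK_HASH, CONSTRUCTED_WORDLIST))
```

A store that uses a memory-hard function (argon2id, scrypt, bcrypt) is preferable to PBKDF2 when a library is available; PBKDF2 is used here because it ships with the standard library. Either way the migration is the same: keep the old hash until the user next authenticates, verify against it, and overwrite it with the new format in the same request. Note that the bulletin's attacker is an authenticated remote user, so protecting the users file against reads by ordinary accounts matters independently of the hash strength.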

10) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU107971

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24339

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper input validation when processing HTTP requests in the web application. A remote attacker can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
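
Worked example for item 10, added by the editor and not taken from the Bosch advisory or from ctrlX OS. The defence against an arbitrary Host header is to compare it against a configured allow-list before it is used for anything (absolute links, redirects, cache keys), rather than to trust whatever the client sent. The host names and the allow-list format are assumptions.

```python
# Added example (not Bosch code): validating the HTTP Host header against a
# configured allow-list before it is used to build links, redirects or cache
# keys. Host names and the allow-list syntax are illustrative.
import ipaddress
import re

# Either a bracketed IPv6 literal or a hostname/IPv4 from a small alphabet,
# optionally followed by :port. fullmatch() rejects CR/LF, spaces and any junk.
_HOST_RE = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]{1,253})(?::([0-9]{1,5}))?")


def parse_host_header(value: str):
    """Return (host, port) from a Host header value, or raise ValueError.
    The host is lower-cased with any trailing dot removed; port is None if absent."""
    m = _HOST_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"malformed Host header: {value!r}")
    host, port = m.group(1).lower(), m.group(2)
    if host.startswith("["):
        ipaddress.IPv6Address(host[1:-1])  # raises ValueError on a bogus literal
    else:
        host = host.rstrip(".")
        if not host:
            raise ValueError("empty host")
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return host, port


def host_is_allowed(value: str, allowed) -> bool:
    """allowed entries are 'host' (any port) or 'host:port' (that port only).
    A malformed entry in the allow-list is a configuration error and raises."""
    try:
        host, port = parse_host_header(value)
    except ValueError:
        return False
    for entry in allowed:
        a_host, a_port = parse_host_header(entry)
        if a_host == host and (a_port is None or a_port == port):
            return True
    return False


if __name__ == "__main__":
    allowed = ["ctrlx.plant.example", "192.0.2.10", "[2001:db8::10]:8443"]
    for header in ["CTRLX.plant.example.:443", "ctrlx.plant.example.attacker.example",
                   "[2001:db8::10]:8443", "ctrlx.plant.example\r\nX-Injected: 1"]:
        print(repr(header), host_is_allowed(header, allowed))
```

The comparison is on the parsed host, not on a string prefix, which is why `ctrlx.plant.example.attacker.example` is refused even though it starts with the allowed name. A request whose Host fails the check should get a 400 with a fixed body, and any absolute URL the application emits should be built from the matched allow-list entry rather than echoed from the header.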

11) Improper Encoding or Escaping of Output

EUVDB-ID: #VU107970

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24338

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper encoding or escaping of output in the "Manages app data" functionality of the web application. A remote user can send specially crafted HTTP requests and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.0

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Permissive List of Allowed Inputs

EUVDB-ID: #VU107984

Risk: Medium

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24349

CWE-ID: CWE-183 - Permissive List of Allowed Inputs

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an overly permissive list of allowed inputs. A remote user can send a specially crafted HTTP request and delete the configuration of physical network interfaces.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Path traversal

EUVDB-ID: #VU107985

Risk: Medium

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24350

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the "Certificates and Keys" functionality of the web application. A remote user can send a specially crafted HTTP request and write arbitrary certificates in arbitrary file system paths.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
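
Worked example for items 6 and 13, added by the editor and not taken from the Bosch advisory or from ctrlX OS. Both are CWE-22 writes: a user-controlled name for app data or for an uploaded certificate is joined to a base directory and the result can land outside it. The example shows the string-prefix check that looks right but is not, the containment check that holds (resolve the full path, then test it against the base as a path, not as a string), and the stricter rule that suits a certificate store, where a bare file name is all that is ever needed. Directory names are assumptions.

```python
# Added example (not code from Bosch or this bulletin): confining user-supplied
# file names to a base directory, as a web backend that stores app data or
# uploaded certificates must do. Directory and file names are illustrative.
import os
import re
from pathlib import Path

_CERT_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def naive_is_inside(base_dir: str, user_path: str) -> bool:
    """Looks like a containment check but is not: a string prefix test on the
    normalised path accepts /srv/appdata2/x as being inside /srv/appdata."""
    full = os.path.normpath(os.path.join(base_dir, user_path))
    return full.startswith(base_dir)


def resolve_within(base_dir: str, user_path: str) -> Path:
    """Resolve user_path under base_dir and refuse anything that ends up outside it:
    '..' sequences, absolute paths, and symlinks that point out of the tree."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    if not user_path or Path(user_path).is_absolute():
        raise ValueError("path must be a non-empty relative path")
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    if candidate == base:
        raise ValueError("path must name an entry inside the base directory")
    try:
        candidate.relative_to(base)  # path-aware: /srv/appdata2 is not under /srv/appdata
    except ValueError:
        raise ValueError(f"path escapes base directory: {user_path!r}") from None
    return candidate


def certificate_store_path(store_dir: str, name: str) -> Path:
    """A certificate upload needs no directory structure, so the strictest rule
    is also the simplest: a bare file name from a small alphabet, then the
    same containment check as a second line of defence."""
    if not _CERT_NAME_RE.match(name) or name.endswith("."):
        raise ValueError(f"invalid certificate name: {name!r}")
    return resolve_within(store_dir, name)


def rejected(fn, *args) -> bool:
    """True if fn raises ValueError for these arguments."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for p in ["certs/device.crt", "../appdata2/x", "certs/../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r:32} naive={naive_is_inside('/srv/appdata', p)!s:5} "
              f"hardened_rejects={rejected(resolve_within, '/srv/appdata', p)}")
```

`resolve()` follows symlinks, so a link inside the tree that points outside is refused as well; if the application must support such links, the check has to be repeated after the file is opened (for example with `os.path.realpath` on the descriptor's path) because the tree can change between the check and the write.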

14) OS Command Injection

EUVDB-ID: #VU107986

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24351

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "Remote Logging" functionality of the web application. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.20.0 - 2.6.8

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
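
Worked example for item 14, added by the editor and not taken from the Bosch advisory or from ctrlX OS. The bulletin says only that the "Remote Logging" function passes user input into an OS command; it does not show the command, so the helper program, its flags and the "host:port" target syntax below are hypothetical. What the example demonstrates is the difference between assembling a shell string from the input and passing a validated argument vector with no shell at all.

```python
# Added example (not Bosch code): building the command that forwards logs to a
# remote syslog server. The helper program, its flags and the "host:port"
# target syntax are hypothetical; the point is how user input reaches it.
import ipaddress
import re

FORWARDER = "/usr/local/bin/forward-syslog"  # hypothetical helper program
ALLOWED_PROTOCOLS = ("udp", "tcp")
# Bracketed IPv6 literal or hostname/IPv4 from a small alphabet, then :port.
_TARGET_RE = re.compile(r"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]{1,253}):([0-9]{1,5})")


def command_line_vulnerable(target: str, protocol: str) -> str:
    """String assembled from user input and handed to a shell (shell=True,
    os.system or similar). A target of 'log.example:514; id' makes the shell
    run id as well; so does '$(id):514'. Shown only to contrast with the
    hardened builder below; never execute it."""
    return f"{FORWARDER} --{protocol} --target {target}"


def parse_target(target: str):
    """Validate 'host:port' strictly and return (host, port)."""
    m = _TARGET_RE.fullmatch(target)  # fullmatch: no trailing '; id', newline or space
    if m is None:
        raise ValueError(f"target must be host:port: {target!r}")
    host, port = m.group(1), int(m.group(2))
    if host.startswith("["):
        host = str(ipaddress.IPv6Address(host[1:-1]))  # raises on a bogus literal
    elif host.startswith("-") or host.endswith("-") or ".." in host:
        raise ValueError(f"invalid host: {host!r}")  # also blocks option injection ('--help')
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return host, port


def forwarder_argv(target: str, protocol: str):
    """Argument vector for subprocess.run(argv) with no shell involved: each
    element reaches the helper as exactly one argument, and validation has
    already confined it to a host name and a number."""
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"protocol must be one of {ALLOWED_PROTOCOLS}")
    host, port = parse_target(target)
    return [FORWARDER, f"--{protocol}", "--host", host, "--port", str(port)]


def rejected(target: str, protocol: str = "udp") -> bool:
    """True if the hardened builder refuses this input."""
    try:
        forwarder_argv(target, protocol)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(forwarder_argv("log.plant.example:514", "udp"))
    for bad in ["log.plant.example:514; id", "$(id):514", "--help:514", "log.plant.example:70000"]:
        print(f"{bad!r:32} rejected={rejected(bad)}")
```

Both halves are needed. Passing an argument vector removes the shell, so metacharacters stop being special, but a value beginning with `-` would still be parsed as an option by the helper, and a value with an embedded newline may still break whatever configuration file the helper writes. The allow-list on the host and port closes those paths before the process is ever started. Where the helper must run with elevated privilege, the same validation belongs in the helper itself, since the web application is not the only possible caller.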

15) Cleartext storage of sensitive information

EUVDB-ID: #VU107987

Risk: High

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-27532

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in the "Backup & Restore" functionality of the web application. A remote user can gain access to secret information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ctrlX OS: 1.12.0 - 1.20.7

External links

https://psirt.bosch.com/security-advisories/bosch-sa-640452.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
