Improper access control in Bosch Rexroth products - #VU82362

 


Published: October 25, 2023


Vulnerability identifier: #VU82362
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Bosch Rexroth
Affected software:
ctrlX WR21 HMI - WR21 (WR2107)
ctrlX WR21 HMI - WR21 (WR2110)
ctrlX WR21 HMI - WR21 (WR2115)

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when Kiosk mode is used in conjunction with Google Chrome. An attacker with physical access can bypass the implemented security restrictions and gain full root access.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
