Improper access control in Bosch Rexroth products - #VU82362
Published: October 25, 2023
ctrlX WR21 HMI - WR21 (WR2107)
ctrlX WR21 HMI - WR21 (WR2110)
ctrlX WR21 HMI - WR21 (WR2115)
Detailed vulnerability description
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when the Kiosk mode is used in conjunction with Google Chrome. An attacker with physical access can bypass implemented security restrictions and gain full root access.