What is CVE-2021-23858?

CVE-2021-23858 is a high-severity vulnerability in Rexroth Indramotion Mlc L20, L40, classified under Information Disclosure. CVSS score: 8.6/10. Published 2021-10-04.

How severe is CVE-2021-23858?

High severity. CVSS v3 base score is 8.6 out of 10.

Information disclosure in Rexroth Indramotion Mlc L20, L40

CVE-2021-23858

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include…

Vulnerability class: Information Disclosure

EPSS: 0.002 (47.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Rexroth Indramotion Mlc L20, L40 — versions 12 VRS
Rexroth Indramotion Mlc L25, L45, L65, L75, L85, Xm21, Xm22, Xm41 And Xm42 Indracontrol Xlc — versions 12 VRS

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt.bosch.com/security-advisories/bosch-sa-741752.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-23858?: CVE-2021-23858 is a high-severity vulnerability in Rexroth Indramotion Mlc L20, L40, classified under Information Disclosure. CVSS score: 8.6/10. Published 2021-10-04.
How severe is CVE-2021-23858?: High severity. CVSS v3 base score is 8.6 out of 10.