Auth bypass in Boschrexroth Ctrlx_hmi_web_panel_wr2107

CVE-2023-45220

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker en…

Vulnerability class: Broken Authentication

EPSS: 0.004 (31.1th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-45220?
CVE-2023-45220 is a high-severity vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107, classified under Missing Authentication for Critical Function. CVSS score: 8.8/10. Published 2023-10-25.

How severe is CVE-2023-45220?
High severity. CVSS v3 base score is 8.8 out of 10.