Vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107
CVE-2023-45844
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power managem…
EPSS: 0.003 (25.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Boschrexroth Ctrlx_hmi_web_panel_wr2107
- Boschrexroth Ctrlx_hmi_web_panel_wr2107_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2110
- Boschrexroth Ctrlx_hmi_web_panel_wr2110_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2115
- Boschrexroth Ctrlx_hmi_web_panel_wr2115_firmware
- Rexroth Ctrlx Hmi Web Panel - Wr21 (Wr2107) — versions all
- Rexroth Ctrlx Hmi Web Panel - Wr21 (Wr2110) — versions all
- Rexroth Ctrlx Hmi Web Panel - Wr21 (Wr2115) — versions all
Weakness classification (CWE)
References
- psirt@bosch.com (vendor-advisory, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-45844?
- CVE-2023-45844 is a medium-severity vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107, classified under Improper Access Control. CVSS score: 6.8/10. Published 2023-10-25.
- How severe is CVE-2023-45844?
- Medium severity. CVSS v3 base score is 6.8 out of 10.