Auth bypass in Boschrexroth Ctrlx_hmi_web_panel_wr2107
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a maliciou…
Vulnerability class: Broken Authentication
EPSS: 0.004 (35.7th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Boschrexroth Ctrlx_hmi_web_panel_wr2107
- Boschrexroth Ctrlx_hmi_web_panel_wr2107_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2110
- Boschrexroth Ctrlx_hmi_web_panel_wr2110_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2115
- Boschrexroth Ctrlx_hmi_web_panel_wr2115_firmware
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2107) — versions all
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2110) — versions all
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2115) — versions all
Weakness classification (CWE)
- Missing Authentication for Critical Function (CWE-306)
References
- Bosch PSIRT (psirt@bosch.com): vendor advisory, tagged Mitigation and Vendor Advisory
Frequently asked questions
- What is CVE-2023-45851?
- CVE-2023-45851 is a high-severity vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107, classified under Missing Authentication for Critical Function. CVSS score: 8.8/10. Published 2023-10-25.
- How severe is CVE-2023-45851?
- High severity. CVSS v3 base score is 8.8 out of 10.