Auth bypass in Boschrexroth Ctrlx_hmi_web_panel_wr2107

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a maliciou…

Vulnerability class: Broken Authentication

EPSS: 0.004 (35.7th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2023-45851?
CVE-2023-45851 is a high-severity vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107, classified under Missing Authentication for Critical Function. CVSS score: 8.8/10. Published 2023-10-25.

How severe is CVE-2023-45851?
High severity. CVSS v3 base score is 8.8 out of 10.