Vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107
CVE-2023-46102
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management…
EPSS: 0.004 (34.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Boschrexroth Ctrlx_hmi_web_panel_wr2107
- Boschrexroth Ctrlx_hmi_web_panel_wr2107_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2110
- Boschrexroth Ctrlx_hmi_web_panel_wr2110_firmware
- Boschrexroth Ctrlx_hmi_web_panel_wr2115
- Boschrexroth Ctrlx_hmi_web_panel_wr2115_firmware
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2107) — versions all
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2110) — versions all
- Bosch Rexroth Ag Ctrlx Hmi Web Panel - Wr21 (Wr2115) — versions all
Weakness classification (CWE)
References
- psirt@bosch.com (vendor-advisory, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-46102?
- CVE-2023-46102 is a high-severity vulnerability in Boschrexroth Ctrlx_hmi_web_panel_wr2107, classified under Use of Hard-coded Credentials. CVSS score: 8.8/10. Published 2023-10-25.
- How severe is CVE-2023-46102?
- High severity. CVSS v3 base score is 8.8 out of 10.