CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-10-25 18:17

Updated : 2023-11-06 14:33

NVD link : CVE-2023-45851

Mitre link : CVE-2023-45851

CVE.ORG link : CVE-2023-45851

JSON object : View

Products Affected

boschrexroth

ctrlx_hmi_web_panel_wr2107_firmware
ctrlx_hmi_web_panel_wr2110
ctrlx_hmi_web_panel_wr2107
ctrlx_hmi_web_panel_wr2115_firmware
ctrlx_hmi_web_panel_wr2115
ctrlx_hmi_web_panel_wr2110_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-45851", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-25T18:17:35.427", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@bosch.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"}, {"lang": "es", "value": "La aplicaci\u00f3n cliente de Android, cuando se inscribe en el servidor AppHub, se conecta a un agente MQTT sin exigir ninguna autenticaci\u00f3n del servidor. Este problema permite a un atacante forzar a la aplicaci\u00f3n cliente de Android a conectarse a un agente MQTT malicioso, lo que le permite enviar mensajes falsos al dispositivo HMI."}], "lastModified": "2023-11-06T14:33:29.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}