Information Disclosure in Bosch Android Client Application
CVE-2023-45321

8.3HIGH

Key Information:

Vendor: Bosch Rexroth Ag
Status: Ctrlx Hmi Web Panel - Wr21 (wr2107); Ctrlx Hmi Web Panel - Wr21 (wr2110); Ctrlx Hmi Web Panel - Wr21 (wr2115)
Vendor: CVE Published:; 25 October 2023

🔔 Create Bosch Rexroth Ag Vulnerability Alert

What is CVE-2023-45321?

The Bosch Android Client application, when configured using method 1 that allows users to manually input the server IP address, utilizes HTTP to retrieve sensitive information such as IP addresses and authentication credentials for remote MQTT broker access. This lack of encryption in HTTP, which is not configurable by users, permits an attacker positioned within the same subnet as the HMI device to intercept critical username and password data. Consequently, this exposes the remote management protocol to potential unauthorized access, raising significant security concerns.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ctrlX HMI Web Panel - WR21 (WR2107) all

ctrlX HMI Web Panel - WR21 (WR2110) all

ctrlX HMI Web Panel - WR21 (WR2115) all

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-1756...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Oct 18, 2023

JSON

Bosch Rexroth Ag

What is CVE-2023-45321?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.