Insecure Connection in Android Client Application by Bosch to MQTT Broker
CVE-2023-45851

8.8 HIGH

What is CVE-2023-45851?

The Android Client application from Bosch, upon enrollment with the AppHub server, establishes a connection to an MQTT broker without implementing server authentication measures. This lack of verification can be exploited by an attacker to manipulate the application into connecting to a rogue MQTT broker, thereby allowing the attacker to send fraudulent messages to any associated HMI device. This vulnerability highlights significant risks in secure communication protocols and the importance of enforcing robust authentication practices in IoT environments.
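The weak client configuration the advisory describes, beside its hardened form, as an added example. This is not code from the Bosch application or from the advisory; it uses only Python's standard `ssl` and `socket` modules, and the broker host, port and CA-file parameter are constructed placeholders. It shows what "no server authentication" means at the TLS layer (any broker certificate accepted, no hostname check), what a verifying MQTT-over-TLS client context looks like, and a small audit helper that flags the weak settings.

```python
import socket
import ssl
from typing import List, Optional

# Added example (not code from the Bosch application or the advisory).
# Constructed placeholders, not identifiers from the page:
BROKER_HOST = "broker.example.invalid"
BROKER_PORT = 8883  # conventional MQTT-over-TLS port


def make_unverified_context() -> ssl.SSLContext:
    """The vulnerable pattern: TLS is negotiated, but any certificate is
    accepted, so a rogue broker on the path is indistinguishable from the
    legitimate one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx


def make_verifying_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """The hardened pattern: the broker must present a certificate that
    chains to a trusted CA and whose name matches the host the client dialled."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    if ca_file is not None:
        # Pin trust to the operator's own CA instead of the system store.
        ctx.load_verify_locations(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise against a client context.
    An empty list means the broker is authenticated before any MQTT
    CONNECT is sent over the session."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("broker certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("broker hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are permitted")
    return findings


def connect_broker(ctx: ssl.SSLContext, host: str = BROKER_HOST,
                   port: int = BROKER_PORT) -> ssl.SSLSocket:
    """Open the TLS session the MQTT client would then speak over.
    server_hostname is what a verifying context compares the certificate
    against; an unverified context accepts it but never enforces it.
    (Opens a real network socket, so it is not called at import time.)"""
    raw = socket.create_connection((host, port), timeout=5)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for label, ctx in (("unverified", make_unverified_context()),
                       ("verifying", make_verifying_context())):
        print(label, audit_context(ctx) or ["no findings"])
```

The `audit_context` check is the one worth carrying into a client review: a broker connection whose context reports `CERT_NONE` or a cleared hostname check is exactly the condition that lets the application be steered to a rogue broker, regardless of whether the MQTT payloads themselves are well-formed.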

Affected Version(s)

ctrlX HMI Web Panel - WR21 (WR2107) all

ctrlX HMI Web Panel - WR21 (WR2110) all

ctrlX HMI Web Panel - WR21 (WR2115) all

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved