← voltar
CVE-2023-45851

CVE-2023-45851

CVSS 8.8 HIGHEPSS 0.4%CWE-306
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.  This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Bosch Rexroth AG · ctrlX HMI Web Panel - WR21 (WR2107)Bosch Rexroth AG · ctrlX HMI Web Panel - WR21 (WR2110)Bosch Rexroth AG · ctrlX HMI Web Panel - WR21 (WR2115)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html