CVE-2023-41255

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html	Mitigation Vendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-25 18:17

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41255

Mitre link : CVE-2023-41255

CVE.ORG link : CVE-2023-41255

JSON object : View

Products Affected

boschrexroth

ctrlx_hmi_web_panel_wr2110
ctrlx_hmi_web_panel_wr2107
ctrlx_hmi_web_panel_wr2110_firmware
ctrlx_hmi_web_panel_wr2115_firmware
ctrlx_hmi_web_panel_wr2115
ctrlx_hmi_web_panel_wr2107_firmware

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-41255", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-25T18:17:30.737", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@bosch.com"}, {"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."}, {"lang": "es", "value": "La vulnerabilidad permite a un usuario sin privilegios con acceso a la subred del dispositivo TPC-110W obtener un shell ra\u00edz en el dispositivo abusando de la falta de autenticaci\u00f3n del archivo binario 'su' instalado en el dispositivo al que se puede acceder a trav\u00e9s del protocolo ADB (Android Debug Bridge) expuesto en la red."}], "lastModified": "2024-11-21T08:20:55.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}