CVE-2023-45851

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.

This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

Ссылки

https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
Mitigation
Vendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00108

Низкий

8.8 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-v7pg-gp89-mfh2

CVSS3: 8.8

github

больше 2 лет назад

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

EPSS

Процентиль: 29%

0.00108

Низкий

8.8 High

CVSS3

Дефекты

CWE-306