CVE-2023-41255 - OpenCVE

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Boschrexroth	Ctrlx Hmi Web Panel Wr2107 Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Ctrlx Hmi Web Panel Wr2115 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-10-25T14:10:50.626Z

Updated: 2024-09-12T14:30:27.445Z

Reserved: 2023-10-18T09:35:22.497Z

Link: CVE-2023-41255

Vulnrichment

Updated: 2024-08-02T18:54:04.641Z

NVD

Status : Analyzed

Published: 2023-10-25T18:17:30.737

Modified: 2023-11-06T14:33:10.043

Link: CVE-2023-41255

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41255", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-10-18T09:35:22.497Z", "datePublished": "2023-10-25T14:10:50.626Z", "dateUpdated": "2024-09-12T14:30:27.445Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:10:50.626Z"}, "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"version": "all", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-306 Missing Authentication for Critical Function", "cweId": "CWE-306"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:04.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}]}, {"affected": [{"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2110", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2115", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T19:04:46.249983Z", "id": "CVE-2023-41255", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:30:27.445Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:04.641Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41255", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T19:04:46.249983Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2110", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2115", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T19:06:06.606Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"status": "affected", "version": "all"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:10:50.626Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41255", "state": "PUBLISHED", "dateUpdated": "2024-09-12T14:30:27.445Z", "dateReserved": "2023-10-18T09:35:22.497Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2023-10-25T14:10:50.626Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."}, {"lang": "es", "value": "La vulnerabilidad permite a un usuario sin privilegios con acceso a la subred del dispositivo TPC-110W obtener un shell ra\u00edz en el dispositivo abusando de la falta de autenticaci\u00f3n del archivo binario 'su' instalado en el dispositivo al que se puede acceder a trav\u00e9s del protocolo ADB (Android Debug Bridge) expuesto en la red."}], "id": "CVE-2023-41255", "lastModified": "2023-11-06T14:33:10.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:30.737", "references": [{"source": "psirt@bosch.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@bosch.com", "type": "Secondary"}]}