CVE-2023-41372 - Vulnerability Details - OpenCVE

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Boschrexroth	Ctrlx Hmi Web Panel Wr2107 Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Ctrlx Hmi Web Panel Wr2115 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-10-25T14:13:34.827Z

Updated: 2024-09-12T14:28:34.281Z

Reserved: 2023-10-18T09:35:22.507Z

Link: CVE-2023-41372

Vulnrichment

Updated: 2024-08-02T19:01:35.280Z

NVD

Status : Modified

Published: 2023-10-25T18:17:30.917

Modified: 2024-11-21T08:21:10.570

Link: CVE-2023-41372

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41372", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-10-18T09:35:22.507Z", "datePublished": "2023-10-25T14:13:34.827Z", "dateUpdated": "2024-09-12T14:28:34.281Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:13:34.827Z"}, "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"version": "all", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:35.280Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}]}, {"affected": [{"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2110", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}, {"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2115", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T18:51:52.995688Z", "id": "CVE-2023-41372", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:28:34.281Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41372", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-10-18T09:35:22.507Z", "datePublished": "2023-10-25T14:13:34.827Z", "dateUpdated": "2024-09-12T14:28:34.281Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:13:34.827Z"}, "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"version": "all", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:35.280Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T18:51:52.995688Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2110", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2115", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T18:54:42.035Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"}, {"lang": "es", "value": "La vulnerabilidad permite que una aplicaci\u00f3n de terceros sin privilegios (no confiable) modifique arbitrariamente la configuraci\u00f3n del servidor de la aplicaci\u00f3n cliente de Android, induci\u00e9ndola a conectarse a un servidor malicioso controlado por un atacante. Esto es posible falsificando una intenci\u00f3n de transmisi\u00f3n v\u00e1lida cifrada con un par de claves RSA codificadas"}], "id": "CVE-2023-41372", "lastModified": "2024-11-21T08:21:10.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:30.917", "references": [{"source": "psirt@bosch.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "psirt@bosch.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}