CVE-2023-43488 - OpenCVE

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Boschrexroth	Ctrlx Hmi Web Panel Wr2107 Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Ctrlx Hmi Web Panel Wr2115 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-10-25T13:27:09.366Z

Updated: 2024-09-17T14:06:24.603Z

Reserved: 2023-10-18T09:35:22.492Z

Link: CVE-2023-43488

Vulnrichment

Updated: 2024-08-02T19:44:42.209Z

NVD

Status : Analyzed

Published: 2023-10-25T18:17:31.800

Modified: 2023-11-06T14:41:18.393

Link: CVE-2023-43488

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43488", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-10-18T09:35:22.492Z", "datePublished": "2023-10-25T13:27:09.366Z", "dateUpdated": "2024-09-17T14:06:24.603Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T13:27:09.366Z"}, "descriptions": [{"lang": "en", "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"version": "all", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:42.209Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T13:32:31.772490Z", "id": "CVE-2023-43488", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:06:24.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:42.209Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43488", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T13:32:31.772490Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:06:20.947Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Rexroth", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"status": "affected", "version": "all"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T13:27:09.366Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43488", "state": "PUBLISHED", "dateUpdated": "2024-09-17T14:06:24.603Z", "dateReserved": "2023-10-18T09:35:22.492Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2023-10-25T13:27:09.366Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."}, {"lang": "es", "value": "La vulnerabilidad permite que una aplicaci\u00f3n con pocos privilegios (no confiable) modifique una propiedad cr\u00edtica del sistema que deber\u00eda negarse, para permitir que el protocolo ADB (Android Debug Bridge) quede expuesto en la red, explot\u00e1ndolo para obtener un shell privilegiado en el dispositivo. sin requerir el acceso f\u00edsico a trav\u00e9s de USB."}], "id": "CVE-2023-43488", "lastModified": "2023-11-06T14:41:18.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:31.800", "references": [{"source": "psirt@bosch.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "psirt@bosch.com", "type": "Secondary"}]}