CVE-2023-45851 - OpenCVE

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Boschrexroth	Ctrlx Hmi Web Panel Wr2107 Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Ctrlx Hmi Web Panel Wr2115 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-10-25T14:18:08.811Z

Updated: 2024-09-11T18:06:40.524Z

Reserved: 2023-10-18T09:35:22.524Z

Link: CVE-2023-45851

Vulnrichment

Updated: 2024-08-02T20:29:32.293Z

NVD

Status : Analyzed

Published: 2023-10-25T18:17:35.427

Modified: 2023-11-06T14:33:29.510

Link: CVE-2023-45851

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45851", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-10-18T09:35:22.524Z", "datePublished": "2023-10-25T14:18:08.811Z", "dateUpdated": "2024-09-11T18:06:40.524Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:18:08.811Z"}, "descriptions": [{"lang": "en", "value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"version": "all", "status": "affected"}]}, {"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"version": "all", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "CWE-306 Missing Authentication for Critical Function", "cweId": "CWE-306"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:32.293Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}]}, {"affected": [{"vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "RC7(Build date 20231107)", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T16:00:27.264096Z", "id": "CVE-2023-45851", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:06:40.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:32.293Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45851", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-11T16:00:27.264096Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*"], "vendor": "boschrexroth", "product": "ctrlx_hmi_web_panel_wr2107", "versions": [{"status": "affected", "version": "0", "lessThan": "RC7(Build date 20231107)", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T15:58:49.962Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2107)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2110)", "versions": [{"status": "affected", "version": "all"}]}, {"vendor": "Bosch Rexroth AG", "product": "ctrlX HMI Web Panel - WR21 (WR2115)", "versions": [{"status": "affected", "version": "all"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2023-10-25T14:18:08.811Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45851", "state": "PUBLISHED", "dateUpdated": "2024-09-11T18:06:40.524Z", "dateReserved": "2023-10-18T09:35:22.524Z", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "datePublished": "2023-10-25T14:18:08.811Z", "assignerShortName": "bosch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*", "matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*", "matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*", "matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"}, {"lang": "es", "value": "La aplicaci\u00f3n cliente de Android, cuando se inscribe en el servidor AppHub, se conecta a un agente MQTT sin exigir ninguna autenticaci\u00f3n del servidor. Este problema permite a un atacante forzar a la aplicaci\u00f3n cliente de Android a conectarse a un agente MQTT malicioso, lo que le permite enviar mensajes falsos al dispositivo HMI."}], "id": "CVE-2023-45851", "lastModified": "2023-11-06T14:33:29.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:35.427", "references": [{"source": "psirt@bosch.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@bosch.com", "type": "Secondary"}]}