CVE-2021-23858

EPSS 0.24%
Veröffentlicht 04.10.2021 18:15:07
Zuletzt bearbeitet 21.11.2024 05:51:57
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Rexroth Indramotion Mlc L20 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L20 Version-

Bosch ≫ Rexroth Indramotion Mlc L40 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L40 Version-

Bosch ≫ Rexroth Indramotion Mlc L25 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L25 Version-

Bosch ≫ Rexroth Indramotion Mlc L45 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L45 Version-

Bosch ≫ Rexroth Indramotion Mlc L65 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L65 Version-

Bosch ≫ Rexroth Indramotion Mlc L85 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L85 Version-

Bosch ≫ Rexroth Indramotion Mlc Xm21 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc Xm21 Version-

Bosch ≫ Rexroth Indramotion Mlc Xm22 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc Xm22 Version-

Bosch ≫ Rexroth Indramotion Mlc Xm41 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc Xm41 Version-

Bosch ≫ Rexroth Indramotion Mlc Xm42 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc Xm42 Version-

Bosch ≫ Indracontrol Xlc Firmware Version <= 12

Bosch ≫ Indracontrol Xlc Version-

Bosch ≫ Rexroth Indramotion Mlc L75 Firmware Version <= 12

Bosch ≫ Rexroth Indramotion Mlc L75 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.469

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N
psirt@bosch.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://psirt.bosch.com/security-advisories/bosch-sa-741752.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23858

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23858

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23858

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-23858