CVE-2021-23857 — CRITICAL (10.0)

Q: How severe is CVE-2021-23857?

CVE-2021-23857 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-23857?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Rexroth Indramotion Mlc L20 Firmware, Bosch Rexroth Indramotion Mlc L20, Bosch Rexroth Indramotion Mlc L40 Firmware, Bosch Rexroth Indramotion Mlc L40, Bosch Rexroth Indramotion Mlc L25 Firmware.

Vulnerability Description

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosch	Rexroth Indramotion Mlc L20 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L20	-
Bosch	Rexroth Indramotion Mlc L40 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L40	-
Bosch	Rexroth Indramotion Mlc L25 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L25	-
Bosch	Rexroth Indramotion Mlc L45 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L45	-
Bosch	Rexroth Indramotion Mlc L65 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L65	-
Bosch	Rexroth Indramotion Mlc L75 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L75	-
Bosch	Rexroth Indramotion Mlc L85 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc L85	-
Bosch	Rexroth Indramotion Mlc Xm22 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm22	-
Bosch	Rexroth Indramotion Mlc Xm21 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm21	-
Bosch	Rexroth Indramotion Mlc Xm41 Firmware	<= 12
Bosch	Rexroth Indramotion Mlc Xm41	-

Related Weaknesses (CWE)

CWE-287 CWE-836

References

https://psirt.bosch.com/security-advisories/bosch-sa-741752.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/bosch-sa-741752.htmlVendor Advisory

FAQ

What is CVE-2021-23857?

CVE-2021-23857 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

How severe is CVE-2021-23857?

CVE-2021-23857 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-23857?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Rexroth Indramotion Mlc L20 Firmware, Bosch Rexroth Indramotion Mlc L20, Bosch Rexroth Indramotion Mlc L40 Firmware, Bosch Rexroth Indramotion Mlc L40, Bosch Rexroth Indramotion Mlc L25 Firmware.